SUSE update for the Linux Kernel



| Updated: 2024-10-25
Risk Medium
Patch available YES
Number of vulnerabilities 82
CVE-ID CVE-2022-36280
CVE-2022-38096
CVE-2022-4269
CVE-2022-45884
CVE-2022-45885
CVE-2022-45886
CVE-2022-45887
CVE-2022-45919
CVE-2022-4744
CVE-2023-0045
CVE-2023-0122
CVE-2023-0179
CVE-2023-0394
CVE-2023-0461
CVE-2023-0469
CVE-2023-0590
CVE-2023-0597
CVE-2023-1075
CVE-2023-1076
CVE-2023-1077
CVE-2023-1079
CVE-2023-1095
CVE-2023-1118
CVE-2023-1249
CVE-2023-1382
CVE-2023-1513
CVE-2023-1582
CVE-2023-1583
CVE-2023-1611
CVE-2023-1637
CVE-2023-1652
CVE-2023-1670
CVE-2023-1829
CVE-2023-1838
CVE-2023-1855
CVE-2023-1989
CVE-2023-1998
CVE-2023-2002
CVE-2023-21102
CVE-2023-21106
CVE-2023-2124
CVE-2023-2156
CVE-2023-2162
CVE-2023-2176
CVE-2023-2235
CVE-2023-2269
CVE-2023-22998
CVE-2023-23000
CVE-2023-23001
CVE-2023-23004
CVE-2023-23006
CVE-2023-2430
CVE-2023-2483
CVE-2023-25012
CVE-2023-2513
CVE-2023-26545
CVE-2023-28327
CVE-2023-28410
CVE-2023-28464
CVE-2023-28866
CVE-2023-3006
CVE-2023-30456
CVE-2023-30772
CVE-2023-3090
CVE-2023-31084
CVE-2023-3111
CVE-2023-3141
CVE-2023-31436
CVE-2023-3161
CVE-2023-3212
CVE-2023-3220
CVE-2023-32233
CVE-2023-33288
CVE-2023-3357
CVE-2023-3358
CVE-2023-3389
CVE-2023-33951
CVE-2023-33952
CVE-2023-35788
CVE-2023-35823
CVE-2023-35828
CVE-2023-35829
CWE-ID CWE-787
CWE-476
CWE-833
CWE-416
CWE-362
CWE-415
CWE-254
CWE-190
CWE-401
CWE-843
CWE-665
CWE-1342
CWE-264
CWE-125
CWE-617
CWE-667
CWE-466
CWE-119
CWE-1037
CWE-20
CWE-682
Exploitation vector Network
Public exploit Public exploit code for vulnerability #10 is available.
Public exploit code for vulnerability #12 is available.
Public exploit code for vulnerability #33 is available.
Public exploit code for vulnerability #37 is available.
Public exploit code for vulnerability #38 is available.
Public exploit code for vulnerability #72 is available.
Vulnerable software
SUSE Linux Enterprise Live Patching
Operating systems & Components / Operating system

SUSE Linux Enterprise High Availability Extension 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Workstation Extension 15
Operating systems & Components / Operating system

Development Tools Module
Operating systems & Components / Operating system

Legacy Module
Operating systems & Components / Operating system

Basesystem Module
Operating systems & Components / Operating system

SUSE Linux Enterprise Server for SAP Applications 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Server 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Real Time 15
Operating systems & Components / Operating system

SUSE Linux Enterprise High Performance Computing 15
Operating systems & Components / Operating system

SUSE Linux Enterprise Desktop 15
Operating systems & Components / Operating system

openSUSE Leap
Operating systems & Components / Operating system

kernel-64kb
Operating systems & Components / Operating system package or component

dtb-arm
Operating systems & Components / Operating system package or component

ocfs2-kmp-64kb
Operating systems & Components / Operating system package or component

cluster-md-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-debugsource
Operating systems & Components / Operating system package or component

dtb-amlogic
Operating systems & Components / Operating system package or component

kselftests-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-devel
Operating systems & Components / Operating system package or component

dtb-apple
Operating systems & Components / Operating system package or component

kselftests-kmp-64kb
Operating systems & Components / Operating system package or component

kernel-64kb-devel-debuginfo
Operating systems & Components / Operating system package or component

dtb-amazon
Operating systems & Components / Operating system package or component

dtb-renesas
Operating systems & Components / Operating system package or component

gfs2-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-64kb
Operating systems & Components / Operating system package or component

dlm-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-extra-debuginfo
Operating systems & Components / Operating system package or component

dtb-socionext
Operating systems & Components / Operating system package or component

dtb-rockchip
Operating systems & Components / Operating system package or component

dtb-altera
Operating systems & Components / Operating system package or component

dtb-qcom
Operating systems & Components / Operating system package or component

dtb-sprd
Operating systems & Components / Operating system package or component

dlm-kmp-64kb
Operating systems & Components / Operating system package or component

dtb-broadcom
Operating systems & Components / Operating system package or component

dtb-mediatek
Operating systems & Components / Operating system package or component

dtb-marvell
Operating systems & Components / Operating system package or component

kernel-64kb-optional-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-optional
Operating systems & Components / Operating system package or component

dtb-apm
Operating systems & Components / Operating system package or component

dtb-freescale
Operating systems & Components / Operating system package or component

ocfs2-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

dtb-lg
Operating systems & Components / Operating system package or component

dtb-cavium
Operating systems & Components / Operating system package or component

gfs2-kmp-64kb
Operating systems & Components / Operating system package or component

cluster-md-kmp-64kb
Operating systems & Components / Operating system package or component

dtb-nvidia
Operating systems & Components / Operating system package or component

reiserfs-kmp-64kb-debuginfo
Operating systems & Components / Operating system package or component

dtb-amd
Operating systems & Components / Operating system package or component

kernel-64kb-extra
Operating systems & Components / Operating system package or component

kernel-64kb-debuginfo
Operating systems & Components / Operating system package or component

kernel-64kb-livepatch-devel
Operating systems & Components / Operating system package or component

dtb-allwinner
Operating systems & Components / Operating system package or component

dtb-xilinx
Operating systems & Components / Operating system package or component

dtb-hisilicon
Operating systems & Components / Operating system package or component

dtb-exynos
Operating systems & Components / Operating system package or component

dtb-aarch64
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debugsource
Operating systems & Components / Operating system package or component

kernel-zfcpdump-debuginfo
Operating systems & Components / Operating system package or component

kernel-zfcpdump
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_55_7-default
Operating systems & Components / Operating system package or component

kernel-livepatch-SLE15-SP5_Update_1-debugsource
Operating systems & Components / Operating system package or component

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall
Operating systems & Components / Operating system package or component

kselftests-kmp-default
Operating systems & Components / Operating system package or component

kernel-obs-qa
Operating systems & Components / Operating system package or component

reiserfs-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-optional-debuginfo
Operating systems & Components / Operating system package or component

reiserfs-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-livepatch
Operating systems & Components / Operating system package or component

kernel-default-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-syms
Operating systems & Components / Operating system package or component

kernel-default-devel
Operating systems & Components / Operating system package or component

kernel-default-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-obs-build-debugsource
Operating systems & Components / Operating system package or component

kernel-obs-build
Operating systems & Components / Operating system package or component

kselftests-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-optional
Operating systems & Components / Operating system package or component

kernel-default-base-rebuild
Operating systems & Components / Operating system package or component

kernel-kvmsmall-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-base
Operating systems & Components / Operating system package or component

kernel-kvmsmall-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-kvmsmall-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall-debugsource
Operating systems & Components / Operating system package or component

kernel-kvmsmall-devel
Operating systems & Components / Operating system package or component

kernel-default-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-debug-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall-vdso-debuginfo
Operating systems & Components / Operating system package or component

kernel-kvmsmall-vdso
Operating systems & Components / Operating system package or component

kernel-debug-vdso
Operating systems & Components / Operating system package or component

kernel-default-vdso
Operating systems & Components / Operating system package or component

kernel-debug-debugsource
Operating systems & Components / Operating system package or component

kernel-debug-livepatch-devel
Operating systems & Components / Operating system package or component

kernel-debug-devel
Operating systems & Components / Operating system package or component

kernel-debug-debuginfo
Operating systems & Components / Operating system package or component

kernel-debug-devel-debuginfo
Operating systems & Components / Operating system package or component

kernel-debug
Operating systems & Components / Operating system package or component

kernel-docs-html
Operating systems & Components / Operating system package or component

kernel-devel
Operating systems & Components / Operating system package or component

kernel-source-vanilla
Operating systems & Components / Operating system package or component

kernel-source
Operating systems & Components / Operating system package or component

kernel-macros
Operating systems & Components / Operating system package or component

kernel-docs
Operating systems & Components / Operating system package or component

kernel-default-extra-debuginfo
Operating systems & Components / Operating system package or component

kernel-default-extra
Operating systems & Components / Operating system package or component

kernel-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default
Operating systems & Components / Operating system package or component

gfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

cluster-md-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

dlm-kmp-default
Operating systems & Components / Operating system package or component

kernel-default-debugsource
Operating systems & Components / Operating system package or component

kernel-default-debuginfo
Operating systems & Components / Operating system package or component

gfs2-kmp-default
Operating systems & Components / Operating system package or component

cluster-md-kmp-default
Operating systems & Components / Operating system package or component

ocfs2-kmp-default-debuginfo
Operating systems & Components / Operating system package or component

Vendor SUSE

Security Bulletin

This security bulletin contains information about 82 vulnerabilities.

1) Out-of-bounds write

EUVDB-ID: #VU71480

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-36280

CWE-ID: CWE-787 - Out-of-bounds write

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) NULL pointer dereference

EUVDB-ID: #VU73764

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-38096

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Deadlock

EUVDB-ID: #VU73186

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4269

CWE-ID: CWE-833 - Deadlock

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

4) Use-after-free

EUVDB-ID: #VU75333

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45884

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvbdev.c in Linux kernel related to dvb_register_device() function dynamically allocating fops. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

5) Use-after-free

EUVDB-ID: #VU75334

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45885

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_frontend.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

6) Use-after-free

EUVDB-ID: #VU75336

Risk: Low

CVSSv3.1: 6.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45886

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_net.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

7) Race condition

EUVDB-ID: #VU75338

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45887

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

8) Use-after-free

EUVDB-ID: #VU75337

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-45919

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_ca_en50221.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

9) Double Free

EUVDB-ID: #VU74053

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2022-4744

CWE-ID: CWE-415 - Double Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

10) Security features bypass

EUVDB-ID: #VU72469

Risk: Low

CVSSv3.1: 2.6 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-0045

CWE-ID: CWE-254 - Security Features

Exploit availability: Yes

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

11) NULL pointer dereference

EUVDB-ID: #VU71138

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0122

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_setup_auth(0 function in drivers/nvme/target/auth.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

12) Integer overflow

EUVDB-ID: #VU71173

Risk: Low

CVSSv3.1: 7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2023-0179

CWE-ID: CWE-190 - Integer overflow

Exploit availability: Yes

Description

The vulnerability allows a local  user to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the nft_payload_copy_vlan() function in Linux kernel Netfilter. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

13) NULL pointer dereference

EUVDB-ID: #VU71352

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0394

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

14) Use-after-free

EUVDB-ID: #VU72506

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0461

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

15) Use-after-free

EUVDB-ID: #VU72744

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0469

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error during the cleanup call within the io_install_fixed_file() function in io_uring/filetable.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

16) Use-after-free

EUVDB-ID: #VU72098

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0590

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

17) Memory leak

EUVDB-ID: #VU73765

Risk: Low

CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-0597

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

18) Type Confusion

EUVDB-ID: #VU72700

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1075

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

19) Type Confusion

EUVDB-ID: #VU72742

Risk: Low

CVSSv3.1: 5.8 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1076

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

20) Type Confusion

EUVDB-ID: #VU72699

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1077

CWE-ID: CWE-843 - Type confusion

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

21) Use-after-free

EUVDB-ID: #VU72741

Risk: Low

CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1079

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

22) NULL pointer dereference

EUVDB-ID: #VU73783

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1095

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

23) Use-after-free

EUVDB-ID: #VU72734

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1118

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

24) Use-after-free

EUVDB-ID: #VU77954

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1249

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the core dump subsystem in Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

25) NULL pointer dereference

EUVDB-ID: #VU74550

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1382

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

26) Improper Initialization

EUVDB-ID: #VU74630

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1513

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

27) Race condition

EUVDB-ID: #VU74629

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1582

CWE-ID: CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

28) NULL pointer dereference

EUVDB-ID: #VU75449

Risk: Low

CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1583

CWE-ID: CWE-476 - NULL Pointer Dereference

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the io_file_bitmap_get() function in io_uring/filetable.c in the io_uring sub-component. A local user can trigger denial of service conditions via IORING_FILE_INDEX_ALLOC.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

29) Use-after-free

EUVDB-ID: #VU75204

Risk: Low

CVSSv3.1: 4.1 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1611

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

30) Information exposure through microarchitectural state after transient execution

EUVDB-ID: #VU74771

Risk: Low

CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1637

CWE-ID: CWE-1342 - Information Exposure through Microarchitectural State after Transient Execution

Exploit availability: No

Description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

31) Use-after-free

EUVDB-ID: #VU74770

Risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1652

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.


Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3 External links

http://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/


Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

32) Use-after-free

EUVDB-ID: #VU75450

Risk: Low

CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2023-1670

CWE-ID: CWE-416 - Use After Free

Exploit availability: No

Description

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Mitigation

Update the affected package the Linux Kernel to the latest version.

Vulnerable software versions

SUSE Linux Enterprise Live Patching: 15-SP5

SUSE Linux Enterprise High Availability Extension 15: SP5

SUSE Linux Enterprise Workstation Extension 15: SP5

Development Tools Module: 15-SP5

Legacy Module: 15-SP5

Basesystem Module: 15-SP5

SUSE Linux Enterprise Server for SAP Applications 15: SP5

SUSE Linux Enterprise Server 15: SP5

SUSE Linux Enterprise Real Time 15: SP5

SUSE Linux Enterprise High Performance Computing 15: SP5

SUSE Linux Enterprise Desktop 15: SP5

openSUSE Leap: 15.5

kernel-64kb: before 5.14.21-150500.55.7.1

dtb-arm: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-debugsource: before 5.14.21-150500.55.7.1

dtb-amlogic: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-devel: before 5.14.21-150500.55.7.1

dtb-apple: before 5.14.21-150500.55.7.1

kselftests-kmp-64kb: before 5.14.21-150500.55.7.1

kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1

dtb-amazon: before 5.14.21-150500.55.7.1

dtb-renesas: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1

dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1

dtb-socionext: before 5.14.21-150500.55.7.1

dtb-rockchip: before 5.14.21-150500.55.7.1

dtb-altera: before 5.14.21-150500.55.7.1

dtb-qcom: before 5.14.21-150500.55.7.1

dtb-sprd: before 5.14.21-150500.55.7.1

dlm-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-broadcom: before 5.14.21-150500.55.7.1

dtb-mediatek: before 5.14.21-150500.55.7.1

dtb-marvell: before 5.14.21-150500.55.7.1

kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-optional: before 5.14.21-150500.55.7.1

dtb-apm: before 5.14.21-150500.55.7.1

dtb-freescale: before 5.14.21-150500.55.7.1

ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-lg: before 5.14.21-150500.55.7.1

dtb-cavium: before 5.14.21-150500.55.7.1

gfs2-kmp-64kb: before 5.14.21-150500.55.7.1

cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1

dtb-nvidia: before 5.14.21-150500.55.7.1

reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1

dtb-amd: before 5.14.21-150500.55.7.1

kernel-64kb-extra: before 5.14.21-150500.55.7.1

kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1

kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1

dtb-allwinner: before 5.14.21-150500.55.7.1

dtb-xilinx: before 5.14.21-150500.55.7.1

dtb-hisilicon: before 5.14.21-150500.55.7.1

dtb-exynos: before 5.14.21-150500.55.7.1

dtb-aarch64: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1

kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1

kernel-zfcpdump: before 5.14.21-150500.55.7.1

kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1

kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1

kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1

kernel-kvmsmall: before 5.14.21-150500.55.7.1

kselftests-kmp-default: before 5.14.21-150500.55.7.1

kernel-obs-qa: before 5.14.21-150500.55.7.1

reiserfs-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1

reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-livepatch: before 5.14.21-150500.55.7.1

kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-syms: before 5.14.21-150500.55.7.1

kernel-default-devel: before 5.14.21-150500.55.7.1

kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1

kernel-obs-build: before 5.14.21-150500.55.7.1

kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-optional: before 5.14.21-150500.55.7.1

kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5

kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1

kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1

kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1

kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1

kernel-debug-vdso: before 5.14.21-150500.55.7.1

kernel-default-vdso: before 5.14.21-150500.55.7.1

kernel-debug-debugsource: before 5.14.21-150500.55.7.1

kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1

kernel-debug-devel: before 5.14.21-150500.55.7.1

kernel-debug-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1

kernel-debug: before 5.14.21-150500.55.7.1

kernel-docs-html: before 5.14.21-150500.55.7.1

kernel-devel: before 5.14.21-150500.55.7.1

kernel-source-vanilla: before 5.14.21-150500.55.7.1

kernel-source: before 5.14.21-150500.55.7.1

kernel-macros: before 5.14.21-150500.55.7.1

kernel-docs: before 5.14.21-150500.55.7.1

kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1

kernel-default-extra: before 5.14.21-150500.55.7.1

kernel-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default: before 5.14.21-150500.55.7.1

gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

dlm-kmp-default: before 5.14.21-150500.55.7.1

kernel-default-debugsource: before 5.14.21-150500.55.7.1

kernel-default-debuginfo: before 5.14.21-150500.55.7.1

gfs2-kmp-default: before 5.14.21-150500.55.7.1

cluster-md-kmp-default: before 5.14.21-150500.55.7.1

ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1

CPE2.3