Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU81045
Risk: Medium
CVSSv3.1: 4.9 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2023-4039
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to the GCC's stack smashing protection does not detect or defend against overflows of dynamically-sized local variables on AArch64 targets. A remote attacker can bypass expected security restrictions and successfully exploit buffer overflow vulnerabilities.
Update the affected package gcc13 to the latest version.
Vulnerable software versionsToolchain Module: 12
SUSE Linux Enterprise Server for SAP Applications 12: SP1 - SP5
SUSE Linux Enterprise Server 12: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 12: SP2 - SP5
SUSE Linux Enterprise Server for SAP Applications: 12-SP4
SUSE Linux Enterprise Server: 12-SP2-LTSS-ERICSSON
libasan8-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libquadmath0-debuginfo: before 13.2.1+git7813-1.6.1
libobjc4-32bit: before 13.2.1+git7813-1.6.1
libquadmath0-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libitm1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libasan8-32bit: before 13.2.1+git7813-1.6.1
libgomp1-32bit: before 13.2.1+git7813-1.6.1
libitm1-32bit: before 13.2.1+git7813-1.6.1
libstdc++6-pp-32bit: before 13.2.1+git7813-1.6.1
libgfortran5-32bit: before 13.2.1+git7813-1.6.1
libquadmath0-32bit: before 13.2.1+git7813-1.6.1
libobjc4-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libgfortran5-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libubsan1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libatomic1-32bit: before 13.2.1+git7813-1.6.1
libgomp1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libgcc_s1-32bit: before 13.2.1+git7813-1.6.1
libquadmath0: before 13.2.1+git7813-1.6.1
libstdc++6-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libatomic1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libgcc_s1-32bit-debuginfo: before 13.2.1+git7813-1.6.1
libubsan1-32bit: before 13.2.1+git7813-1.6.1
libstdc++6-32bit: before 13.2.1+git7813-1.6.1
libgfortran5-debuginfo: before 13.2.1+git7813-1.6.1
libstdc++6-debuginfo: before 13.2.1+git7813-1.6.1
libgcc_s1: before 13.2.1+git7813-1.6.1
libstdc++6-pp: before 13.2.1+git7813-1.6.1
libgfortran5: before 13.2.1+git7813-1.6.1
libgcc_s1-debuginfo: before 13.2.1+git7813-1.6.1
libasan8-debuginfo: before 13.2.1+git7813-1.6.1
libitm1: before 13.2.1+git7813-1.6.1
liblsan0: before 13.2.1+git7813-1.6.1
libasan8: before 13.2.1+git7813-1.6.1
libatomic1-debuginfo: before 13.2.1+git7813-1.6.1
libgomp1: before 13.2.1+git7813-1.6.1
libitm1-debuginfo: before 13.2.1+git7813-1.6.1
libtsan2-debuginfo: before 13.2.1+git7813-1.6.1
libobjc4-debuginfo: before 13.2.1+git7813-1.6.1
libobjc4: before 13.2.1+git7813-1.6.1
libatomic1: before 13.2.1+git7813-1.6.1
libgomp1-debuginfo: before 13.2.1+git7813-1.6.1
libtsan2: before 13.2.1+git7813-1.6.1
libstdc++6: before 13.2.1+git7813-1.6.1
libubsan1-debuginfo: before 13.2.1+git7813-1.6.1
libhwasan0-debuginfo: before 13.2.1+git7813-1.6.1
libubsan1: before 13.2.1+git7813-1.6.1
libhwasan0: before 13.2.1+git7813-1.6.1
libstdc++6-locale: before 13.2.1+git7813-1.6.1
liblsan0-debuginfo: before 13.2.1+git7813-1.6.1
cross-nvptx-gcc13-debuginfo: before 13.2.1+git7813-1.6.1
cross-nvptx-newlib13-devel: before 13.2.1+git7813-1.6.1
cross-nvptx-gcc13: before 13.2.1+git7813-1.6.1
cross-nvptx-gcc13-debugsource: before 13.2.1+git7813-1.6.1
libstdc++6-devel-gcc13-32bit: before 13.2.1+git7813-1.6.1
gcc13-fortran-32bit: before 13.2.1+git7813-1.6.1
gcc13-c++-32bit: before 13.2.1+git7813-1.6.1
gcc13-32bit: before 13.2.1+git7813-1.6.1
gcc13-info: before 13.2.1+git7813-1.6.1
gcc13-c++-debuginfo: before 13.2.1+git7813-1.6.1
gcc13-fortran-debuginfo: before 13.2.1+git7813-1.6.1
cpp13: before 13.2.1+git7813-1.6.1
gcc13-locale: before 13.2.1+git7813-1.6.1
gcc13-debugsource: before 13.2.1+git7813-1.6.1
gcc13-debuginfo: before 13.2.1+git7813-1.6.1
cpp13-debuginfo: before 13.2.1+git7813-1.6.1
gcc13-fortran: before 13.2.1+git7813-1.6.1
gcc13-PIE: before 13.2.1+git7813-1.6.1
gcc13-c++: before 13.2.1+git7813-1.6.1
gcc13: before 13.2.1+git7813-1.6.1
libstdc++6-devel-gcc13: before 13.2.1+git7813-1.6.1
External linkshttp://www.suse.com/support/update/announcement/2023/suse-su-20234287-2/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.