suse-su-2023:0779-1
Vulnerability from csaf_suse
Published
2023-03-16 17:02
Modified
2023-03-16 17:02
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502).
- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).
- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).
- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).
- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).
- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).
- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).
- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).
- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).
- CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599).
- CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777).
- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).
- CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971).
- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).
- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).
- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).
- CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843).
- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).
- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).
- CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#1207560).
- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).
The following non-security bugs were fixed:
- add support for enabling livepatching related packages on -RT (jsc#PED-1706)
- add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)
- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).
- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).
- blktrace: ensure our debugfs dir exists (git-fixes).
- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).
- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).
- config.conf: Drop armv7l, Leap 15.3 is EOL.
- constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.
- delete config/armv7hl/default.
- delete config/armv7hl/lpae.
- dm btree: add a defensive bounds check to insert_at() (git-fixes).
- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).
- dm cache: Fix UAF in destroy() (git-fixes).
- dm cache: set needs_check flag after aborting metadata (git-fixes).
- dm clone: Fix UAF in clone_dtr() (git-fixes).
- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).
- dm integrity: fix flush with external metadata device (git-fixes).
- dm integrity: flush the journal on suspend (git-fixes).
- dm integrity: select CRYPTO_SKCIPHER (git-fixes).
- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).
- dm ioctl: prevent potential spectre v1 gadget (git-fixes).
- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).
- dm space maps: do not reset space map allocation cursor when committing (git-fixes).
- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).
- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).
- dm thin: Fix UAF in run_timer_softirq() (git-fixes).
- dm thin: Use last transaction's pmd->root when commit failed (git-fixes).
- dm thin: resume even if in FAIL mode (git-fixes).
- dm verity: fix require_signatures module_param permissions (git-fixes).
- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).
- do not sign the vanilla kernel (bsc#1209008).
- drivers:md:fix a potential use-after-free bug (git-fixes).
- ext4: Fixup pages without buffers (bsc#1205495).
- genirq: Provide new interfaces for affinity hints (bsc#1208153).
- hid: betop: check shape of output reports (git-fixes, bsc#1207186).
- hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).
- hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).
- kabi/severities: add mlx5 internal symbols
- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.
- kvm: vmx: fix crash cleanup when KVM wasn't used (bsc#1207508).
- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).
- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).
- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).
- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).
- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).
- md: protect md_unregister_thread from reentrancy (git-fixes).
- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).
- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).
- mm: /proc/pid/smaps_rollup: fix no vma's null-deref (bsc#1207769).
- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).
- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).
- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).
- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).
- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).
- nbd: fix io hung while disconnecting device (git-fixes).
- nbd: fix max value for 'first_minor' (git-fixes).
- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).
- nbd: make the config put is called before the notifying the waiter (git-fixes).
- nbd: restore default timeout when setting it to zero (git-fixes).
- net/mlx5: Allocate individual capability (bsc#119175).
- net/mlx5: Dynamically resize flow counters query buffer (bsc#119175).
- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).
- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175).
- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175).
- net/mlx5: Use order-0 allocations for EQs (bsc#119175).
- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).
- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).
- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).
- null_blk: fix ida error handling in null_add_dev() (git-fixes).
- rbd: work around -Wuninitialized warning (git-fixes).
- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).
- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).
- revert 'constraints: increase disk space for all architectures' (bsc#1203693).
- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.
- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support).
- rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.
- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp> perl '$HOME/group-source-files.pl' -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we'd want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html
- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.
- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage
- s390/kexec: fix ipl report address for kdump (bsc#1207575).
- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).
- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).
- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).
- scsi: Revert 'scsi: qla2xxx: Fix disk failure to rediscover' (git-fixes).
- scsi: advansys: Fix kernel pointer leak (git-fixes).
- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).
- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).
- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).
- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).
- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).
- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).
- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).
- scsi: core: Do not start concurrent async scan on same host (git-fixes).
- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).
- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).
- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).
- scsi: core: Fix shost->cmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).
- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).
- scsi: core: free sgtables in case command setup fails (git-fixes).
- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).
- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).
- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).
- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).
- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).
- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).
- scsi: fnic: fix use after free (git-fixes).
- scsi: hisi_sas: Check sas_port before using it (git-fixes).
- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes).
- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).
- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).
- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).
- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).
- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).
- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).
- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).
- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).
- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).
- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).
- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).
- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).
- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).
- scsi: iscsi: Do not send data to unbound connection (git-fixes).
- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).
- scsi: iscsi: Fix shost->max_id use (git-fixes).
- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).
- scsi: iscsi: Unblock session then wake up error handler (git-fixes).
- scsi: libfc: Fix a format specifier (git-fixes).
- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).
- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).
- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).
- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).
- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).
- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).
- scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes).
- scsi: megaraid_sas: Fix double kfree() (git-fixes).
- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).
- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).
- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).
- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).
- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).
- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).
- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).
- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).
- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).
- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).
- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).
- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).
- scsi: myrs: Fix crash in error case (git-fixes).
- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).
- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).
- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).
- scsi: qedf: Add check to synchronize abort and flush (git-fixes).
- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).
- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).
- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).
- scsi: qedi: Fix failed disconnect handling (git-fixes).
- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).
- scsi: qedi: Fix null ref during abort handling (git-fixes).
- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).
- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).
- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).
- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).
- scsi: scsi_debug: num_tgts must be >= 0 (git-fixes).
- scsi: scsi_dh_alua: Check for negative result value (git-fixes).
- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).
- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).
- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).
- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).
- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).
- scsi: sd: Free scsi_disk device via put_device() (git-fixes).
- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).
- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).
- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).
- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).
- scsi: sr: Do not use GFP_DMA (git-fixes).
- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).
- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).
- scsi: sr: Return correct event when media event code is 3 (git-fixes).
- scsi: st: Fix a use after free in st_open() (git-fixes).
- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk ->poweroff() (git-fixes).
- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).
- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).
- scsi: ufs: Fix a race condition in the tracing code (git-fixes).
- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).
- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).
- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).
- scsi: ufs: Fix irq return code (git-fixes).
- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).
- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).
- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).
- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).
- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).
- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).
- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).
- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).
- scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).
- scsi: ufs: fix potential bug which ends in system hang (git-fixes).
- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).
- scsi: virtio_scsi: Fix spelling mistake 'Unsupport' -> 'Unsupported' (git-fixes).
- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).
- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).
- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).
- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).
- sctp: sysctl: make extra pointers netns aware (bsc#1204760).
- update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175).
- update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).
- update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).
- update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).
- update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).
- update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.
- vmxnet3: move rss code block under eop descriptor (bsc#1208212).
- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).
- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).
Patchnames
SUSE-2023-779,SUSE-SLE-Module-RT-15-SP3-2023-779,SUSE-SUSE-MicroOS-5.1-2023-779,SUSE-SUSE-MicroOS-5.2-2023-779
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for the Linux Kernel",
"title": "Title of the patch"
},
{
"category": "description",
"text": "\nThe SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.\n\nThe following security bugs were fixed:\n\n- CVE-2022-3606: Fixed a null pointer dereference inside the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF (bsc#1204502).\n- CVE-2022-36280: Fixed out-of-bounds memory access vulnerability found in vmwgfx driver (bsc#1203332).\n- CVE-2022-38096: Fixed NULL-ptr deref in vmw_cmd_dx_define_query() (bsc#1203331).\n- CVE-2022-47929: Fixed a NULL pointer dereference bug in the traffic control subsystem (bsc#1207237).\n- CVE-2023-0045: Fixed missing Flush IBP in ib_prctl_set (bsc#1207773).\n- CVE-2023-0179: Fixed incorrect arithmetics when fetching VLAN header bits (bsc#1207034).\n- CVE-2023-0266: Fixed a use-after-free vulnerability inside the ALSA PCM package. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 was missing locks that could have been used in a use-after-free that could have resulted in a priviledge escalation to gain ring0 access from the system user (bsc#1207134).\n- CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795).\n- CVE-2023-0597: Fixed lack of randomization of per-cpu entry area in x86/mm (bsc#1207845).\n- CVE-2023-1076: Fixed incorrect initialization of socket ui in tap_open() (bsc#1208599).\n- CVE-2023-1095: Fixed fix null deref due to zeroed list head in nf_tables (bsc#1208777). \n- CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837).\n- CVE-2023-1195: Fixed a use-after-free caused by invalid pointer `hostname` in cifs (bsc#1208971).\n- CVE-2023-22995: Fixed lacks of certain platform_device_put and kfree in drivers/usb/dwc3/dwc3-qcom.c (bsc#1208741).\n- CVE-2023-22998: Fixed NULL vs IS_ERR checking in virtio_gpu_object_shmem_init (bsc#1208776).\n- CVE-2023-23000: Fixed return value of tegra_xusb_find_port_node function phy/tegra (bsc#1208816).\n- CVE-2023-23004: Fixed NULL vs IS_ERR() checking in malidp (bsc#1208843). \n- CVE-2023-23006: Fixed NULL vs IS_ERR checking in dr_domain_init_resources (bsc#1208845).\n- CVE-2023-23559: Fixed integer overflow in rndis_wlan that leads to a buffer overflow (bsc#1207051).\n- CVE-2023-25012: Fixed a use-after-eree in bigben_set_led() in hid (bsc#1207560).\n- CVE-2023-26545: Fixed double free in net/mpls/af_mpls.c upon an allocation failure (bsc#1208700).\n\nThe following non-security bugs were fixed:\n\n- add support for enabling livepatching related packages on -RT (jsc#PED-1706)\n- add suse-kernel-rpm-scriptlets to kmp buildreqs (boo#1205149)\n- bcache: fix set_at_max_writeback_rate() for multiple attached devices (git-fixes).\n- blktrace: Fix output non-blktrace event when blk_classic option enabled (git-fixes).\n- blktrace: ensure our debugfs dir exists (git-fixes).\n- ceph: avoid putting the realm twice when decoding snaps fails (bsc#1207198).\n- ceph: do not update snapshot context when there is no new snapshot (bsc#1207218).\n- config.conf: Drop armv7l, Leap 15.3 is EOL.\n- constraints: increase disk space for all architectures References: bsc#1203693 aarch64 is already suffering. SLE15-SP5 x86_64 stats show that it is very close to the limit.\n- delete config/armv7hl/default.\n- delete config/armv7hl/lpae.\n- dm btree: add a defensive bounds check to insert_at() (git-fixes).\n- dm cache: Fix ABBA deadlock between shrink_slab and dm_cache_metadata_abort (git-fixes).\n- dm cache: Fix UAF in destroy() (git-fixes).\n- dm cache: set needs_check flag after aborting metadata (git-fixes).\n- dm clone: Fix UAF in clone_dtr() (git-fixes).\n- dm integrity: Fix UAF in dm_integrity_dtr() (git-fixes).\n- dm integrity: fix flush with external metadata device (git-fixes).\n- dm integrity: flush the journal on suspend (git-fixes).\n- dm integrity: select CRYPTO_SKCIPHER (git-fixes).\n- dm ioctl: fix misbehavior if list_versions races with module loading (git-fixes).\n- dm ioctl: prevent potential spectre v1 gadget (git-fixes).\n- dm space map common: add bounds check to sm_ll_lookup_bitmap() (git-fixes).\n- dm space maps: do not reset space map allocation cursor when committing (git-fixes).\n- dm table: Remove BUG_ON(in_interrupt()) (git-fixes).\n- dm thin: Fix ABBA deadlock between shrink_slab and dm_pool_abort_metadata (git-fixes).\n- dm thin: Fix UAF in run_timer_softirq() (git-fixes).\n- dm thin: Use last transaction\u0027s pmd-\u003eroot when commit failed (git-fixes).\n- dm thin: resume even if in FAIL mode (git-fixes).\n- dm verity: fix require_signatures module_param permissions (git-fixes).\n- dm verity: skip verity work if I/O error when system is shutting down (git-fixes).\n- do not sign the vanilla kernel (bsc#1209008).\n- drivers:md:fix a potential use-after-free bug (git-fixes).\n- ext4: Fixup pages without buffers (bsc#1205495).\n- genirq: Provide new interfaces for affinity hints (bsc#1208153).\n- hid: betop: check shape of output reports (git-fixes, bsc#1207186).\n- hid: check empty report_list in bigben_probe() (git-fixes, bsc#1206784).\n- hid: check empty report_list in hid_validate_values() (git-fixes, bsc#1206784).\n- kabi/severities: add mlx5 internal symbols\n- kernel-module-subpackage: Fix expansion with -b parameter (bsc#1208179). When -b is specified the script is prefixed with KMP_NEEDS_MKINITRD=1 which sets the variable for a simple command. However, the script is no longer a simple command. Export the variable instead.\n- kvm: vmx: fix crash cleanup when KVM wasn\u0027t used (bsc#1207508).\n- loop: unset GENHD_FL_NO_PART_SCAN on LOOP_CONFIGURE (git-fixes).\n- loop: use sysfs_emit() in the sysfs xxx show() (git-fixes).\n- md/raid5: Wait for MD_SB_CHANGE_PENDING in raid5d (git-fixes).\n- md: Flush workqueue md_rdev_misc_wq in md_alloc() (git-fixes).\n- md: Notify sysfs sync_completed in md_reap_sync_thread() (git-fixes).\n- md: protect md_unregister_thread from reentrancy (git-fixes).\n- mm/memcg: optimize memory.numa_stat like memory.stat (bsc#1206663).\n- mm/slub: fix panic in slab_alloc_node() (bsc#1208023).\n- mm: /proc/pid/smaps_rollup: fix no vma\u0027s null-deref (bsc#1207769).\n- module: Do not wait for GOING modules (bsc#1196058, bsc#1186449, bsc#1204356, bsc#1204662).\n- nbd: Fix hung on disconnect request if socket is closed before (git-fixes).\n- nbd: Fix hung when signal interrupts nbd_start_device_ioctl() (git-fixes).\n- nbd: Fix incorrect error handle when first_minor is illegal in nbd_dev_add (git-fixes).\n- nbd: call genl_unregister_family() first in nbd_cleanup() (git-fixes).\n- nbd: fix io hung while disconnecting device (git-fixes).\n- nbd: fix max value for \u0027first_minor\u0027 (git-fixes).\n- nbd: fix race between nbd_alloc_config() and module removal (git-fixes).\n- nbd: make the config put is called before the notifying the waiter (git-fixes).\n- nbd: restore default timeout when setting it to zero (git-fixes).\n- net/mlx5: Allocate individual capability (bsc#119175).\n- net/mlx5: Dynamically resize flow counters query buffer (bsc#119175).\n- net/mlx5: Fix flow counters SF bulk query len (bsc#119175).\n- net/mlx5: Reduce flow counters bulk query buffer size for SFs (bsc#119175).\n- net/mlx5: Reorganize current and maximal capabilities to be per-type (bsc#119175).\n- net/mlx5: Use order-0 allocations for EQs (bsc#119175).\n- net: mana: Assign interrupts to CPUs based on NUMA nodes (bsc#1208153).\n- net: mana: Fix IRQ name - add PCI and queue number (bsc#1207875).\n- net: mana: Fix accessing freed irq affinity_hint (bsc#1208153).\n- null_blk: fix ida error handling in null_add_dev() (git-fixes).\n- rbd: work around -Wuninitialized warning (git-fixes).\n- rdma/core: Fix ib block iterator counter overflow (bsc#1207878).\n- refresh patches.kabi/scsi-kABI-fix-for-eh_should_retry_cmd (bsc#1206351).\n- revert \u0027constraints: increase disk space for all architectures\u0027 (bsc#1203693).\n- rpm/check-for-config-changes: add OBJTOOL and FTRACE_MCOUNT_USE_* Dummy gcc pretends to support -mrecord-mcount option but actual gcc on ppc64le does not. Therefore ppc64le builds of 6.2-rc1 and later in OBS enable FTRACE_MCOUNT_USE_OBJTOOL and OBJTOOL config options, resulting in check failure. As we already have FTRACE_MCOUNT_USE_CC and FTRACE_MCOUNT_USE_RECORDMCOUNT in the exception list, replace them with a general pattern. And add OBJTOOL as well.\n- rpm/check-for-config-changes: add TOOLCHAIN_HAS_* to IGNORED_CONFIGS_RE This new form was added in commit b8c86872d1dc (riscv: fix detection of toolchain Zicbom support).\n- rpm/check-for-config-changes: loosen pattern for AS_HAS_* This is needed to handle CONFIG_AS_HAS_NON_CONST_LEB128.\n- rpm/group-source-files.pl: Deal with {pre,post}fixed / in location When the source file location provided with -L is either prefixed or postfixed with forward slash, the script get stuck in a infinite loop inside calc_dirs() where $path is an empty string. user@localhost:/tmp\u003e perl \u0027$HOME/group-source-files.pl\u0027 -D devel.files -N nondevel.files -L /usr/src/linux-5.14.21-150500.41/ ... path = /usr/src/linux-5.14.21-150500.41/Documentation/Kconfig path = /usr/src/linux-5.14.21-150500.41/Documentation path = /usr/src/linux-5.14.21-150500.41 path = /usr/src path = /usr path = path = path = ... # Stuck in an infinite loop This workarounds the issue by breaking out the loop once path is an empty string. For a proper fix we\u0027d want something that filesystem-aware, but this workaround should be enough for the rare occation that this script is ran manually. Link: http://mailman.suse.de/mlarch/SuSE/kernel/2023/kernel.2023.03/msg00024.html\n- rpm/kernel-binary.spec.in: Add Enhances and Supplements tags to in-tree KMPs This makes in-tree KMPs more consistent with externally built KMPs and silences several rpmlint warnings.\n- rpm/mkspec-dtb: add riscv64 dtb-renesas subpackage\n- s390/kexec: fix ipl report address for kdump (bsc#1207575).\n- scsi: 3w-9xxx: Avoid disabling device if failing to enable it (git-fixes).\n- scsi: BusLogic: Fix 64-bit system enumeration error for Buslogic (git-fixes).\n- scsi: NCR5380: Add disconnect_mask module parameter (git-fixes).\n- scsi: Revert \u0027scsi: qla2xxx: Fix disk failure to rediscover\u0027 (git-fixes).\n- scsi: advansys: Fix kernel pointer leak (git-fixes).\n- scsi: aha152x: Fix aha152x_setup() __setup handler return value (git-fixes).\n- scsi: aic7xxx: Adjust indentation in ahc_find_syncrate (git-fixes).\n- scsi: aic7xxx: Fix unintentional sign extension issue on left shift of u8 (git-fixes).\n- scsi: atari_scsi: sun3_scsi: Set sg_tablesize to 1 instead of SG_NONE (git-fixes).\n- scsi: bfa: Replace snprintf() with sysfs_emit() (git-fixes).\n- scsi: bnx2fc: Return failure if io_req is already in ABTS processing (git-fixes).\n- scsi: core: Avoid printing an error if target_alloc() returns -ENXIO (git-fixes).\n- scsi: core: Cap scsi_host cmd_per_lun at can_queue (git-fixes).\n- scsi: core: Do not start concurrent async scan on same host (git-fixes).\n- scsi: core: Fix a race between scsi_done() and scsi_timeout() (git-fixes).\n- scsi: core: Fix capacity set to zero after offlinining device (git-fixes).\n- scsi: core: Fix hang of freezing queue between blocking and running device (git-fixes).\n- scsi: core: Fix shost-\u003ecmd_per_lun calculation in scsi_add_host_with_dma() (git-fixes).\n- scsi: core: Restrict legal sdev_state transitions via sysfs (git-fixes).\n- scsi: core: free sgtables in case command setup fails (git-fixes).\n- scsi: core: sysfs: Fix hang when device state is set via sysfs (git-fixes).\n- scsi: core: sysfs: Fix setting device state to SDEV_RUNNING (git-fixes).\n- scsi: cxlflash: Fix error return code in cxlflash_probe() (git-fixes).\n- scsi: fcoe: Fix possible name leak when device_register() fails (git-fixes).\n- scsi: fcoe: Fix transport not deattached when fcoe_if_init() fails (git-fixes).\n- scsi: fnic: Fix memleak in vnic_dev_init_devcmd2 (git-fixes).\n- scsi: fnic: fix use after free (git-fixes).\n- scsi: hisi_sas: Check sas_port before using it (git-fixes).\n- scsi: hisi_sas: Delete the debugfs folder of hisi_sas when the probe fails (git-fixes).\n- scsi: hisi_sas: Do not reset phy timer to wait for stray phy up (git-fixes).\n- scsi: hisi_sas: Drop free_irq() of devm_request_irq() allocated irq (git-fixes).\n- scsi: hisi_sas: Propagate errors in interrupt_init_v1_hw() (git-fixes).\n- scsi: hisi_sas: Replace in_softirq() check in hisi_sas_task_exec() (git-fixes).\n- scsi: hpsa: Fix error handling in hpsa_add_sas_host() (git-fixes).\n- scsi: hpsa: Fix memory leak in hpsa_init_one() (git-fixes).\n- scsi: hpsa: Fix possible memory leak in hpsa_add_sas_device() (git-fixes).\n- scsi: hpsa: Fix possible memory leak in hpsa_init_one() (git-fixes).\n- scsi: ipr: Fix WARNING in ipr_init() (git-fixes).\n- scsi: ipr: Fix missing/incorrect resource cleanup in error case (git-fixes).\n- scsi: iscsi: Add iscsi_cls_conn refcount helpers (git-fixes).\n- scsi: iscsi: Avoid potential deadlock in iscsi_if_rx func (git-fixes).\n- scsi: iscsi: Do not destroy session if there are outstanding connections (git-fixes).\n- scsi: iscsi: Do not put host in iscsi_set_flashnode_param() (git-fixes).\n- scsi: iscsi: Do not send data to unbound connection (git-fixes).\n- scsi: iscsi: Fix reference count leak in iscsi_boot_create_kobj (git-fixes).\n- scsi: iscsi: Fix shost-\u003emax_id use (git-fixes).\n- scsi: iscsi: Report unbind session event when the target has been removed (git-fixes).\n- scsi: iscsi: Unblock session then wake up error handler (git-fixes).\n- scsi: libfc: Fix a format specifier (git-fixes).\n- scsi: libfc: Fix use after free in fc_exch_abts_resp() (git-fixes).\n- scsi: libiscsi: Fix UAF in iscsi_conn_get_param()/iscsi_conn_teardown() (git-fixes).\n- scsi: libiscsi: Fix iscsi_prep_scsi_cmd_pdu() error handling (git-fixes).\n- scsi: libsas: Add LUN number check in .slave_alloc callback (git-fixes).\n- scsi: megaraid: Fix error check return value of register_chrdev() (git-fixes).\n- scsi: megaraid_mm: Fix end of loop tests for list_for_each_entry() (git-fixes).\n- scsi: megaraid_sas: Early detection of VD deletion through RaidMap update (git-fixes).\n- scsi: megaraid_sas: Fix double kfree() (git-fixes).\n- scsi: megaraid_sas: Fix resource leak in case of probe failure (git-fixes).\n- scsi: megaraid_sas: Handle missing interrupts while re-enabling IRQs (git-fixes).\n- scsi: megaraid_sas: Target with invalid LUN ID is deleted during scan (git-fixes).\n- scsi: mpi3mr: Refer CONFIG_SCSI_MPI3MR in Makefile (git-fixes).\n- scsi: mpt3sas: Block PCI config access from userspace during reset (git-fixes).\n- scsi: mpt3sas: Fix possible resource leaks in mpt3sas_transport_port_add() (git-fixes).\n- scsi: mpt3sas: Fix timeouts observed while reenabling IRQ (git-fixes).\n- scsi: mpt3sas: Increase IOCInit request timeout to 30s (git-fixes).\n- scsi: mvsas: Add PCI ID of RocketRaid 2640 (git-fixes).\n- scsi: mvsas: Replace snprintf() with sysfs_emit() (git-fixes).\n- scsi: mvumi: Fix error return in mvumi_io_attach() (git-fixes).\n- scsi: myrb: Fix up null pointer access on myrb_cleanup() (git-fixes).\n- scsi: myrs: Fix crash in error case (git-fixes).\n- scsi: pm8001: Fix pm8001_mpi_task_abort_resp() (git-fixes).\n- scsi: pm: Balance pm_only counter of request queue during system resume (git-fixes).\n- scsi: pmcraid: Fix missing resource cleanup in error case (git-fixes).\n- scsi: qedf: Add check to synchronize abort and flush (git-fixes).\n- scsi: qedf: Fix a UAF bug in __qedf_probe() (git-fixes).\n- scsi: qedf: Fix refcount issue when LOGO is received during TMF (git-fixes).\n- scsi: qedf: Return SUCCESS if stale rport is encountered (git-fixes).\n- scsi: qedi: Fix failed disconnect handling (git-fixes).\n- scsi: qedi: Fix list_del corruption while removing active I/O (git-fixes).\n- scsi: qedi: Fix null ref during abort handling (git-fixes).\n- scsi: qedi: Protect active command list to avoid list corruption (git-fixes).\n- scsi: qla2xxx: Add option to disable FC2 Target support (bsc#1198438 bsc#1206103).\n- scsi: scsi_debug: Fix a warning in resp_write_scat() (git-fixes).\n- scsi: scsi_debug: Fix possible UAF in sdebug_add_host_helper() (git-fixes).\n- scsi: scsi_debug: Fix possible name leak in sdebug_add_host_helper() (git-fixes).\n- scsi: scsi_debug: num_tgts must be \u003e= 0 (git-fixes).\n- scsi: scsi_dh_alua: Check for negative result value (git-fixes).\n- scsi: scsi_dh_alua: Fix signedness bug in alua_rtpg() (git-fixes).\n- scsi: scsi_dh_alua: Remove check for ASC 24h in alua_rtpg() (git-fixes).\n- scsi: scsi_dh_rdac: Avoid crash during rdac_bus_attach() (git-fixes).\n- scsi: scsi_transport_spi: Fix function pointer check (git-fixes).\n- scsi: scsi_transport_spi: Set RQF_PM for domain validation commands (git-fixes).\n- scsi: sd: Free scsi_disk device via put_device() (git-fixes).\n- scsi: sd: Suppress spurious errors when WRITE SAME is being disabled (git-fixes).\n- scsi: ses: Fix unsigned comparison with less than zero (git-fixes).\n- scsi: ses: Retry failed Send/Receive Diagnostic commands (git-fixes).\n- scsi: snic: Fix possible UAF in snic_tgt_create() (git-fixes).\n- scsi: sr: Do not use GFP_DMA (git-fixes).\n- scsi: sr: Fix sr_probe() missing deallocate of device minor (git-fixes).\n- scsi: sr: Return appropriate error code when disk is ejected (git-fixes).\n- scsi: sr: Return correct event when media event code is 3 (git-fixes).\n- scsi: st: Fix a use after free in st_open() (git-fixes).\n- scsi: ufs-pci: Ensure UFS device is in PowerDown mode for suspend-to-disk -\u003epoweroff() (git-fixes).\n- scsi: ufs: Add DELAY_BEFORE_LPM quirk for Micron devices (git-fixes).\n- scsi: ufs: Clean up completed request without interrupt notification (git-fixes).\n- scsi: ufs: Fix a race condition in the tracing code (git-fixes).\n- scsi: ufs: Fix error handing during hibern8 enter (git-fixes).\n- scsi: ufs: Fix illegal offset in UPIU event trace (git-fixes).\n- scsi: ufs: Fix interrupt error message for shared interrupts (git-fixes).\n- scsi: ufs: Fix irq return code (git-fixes).\n- scsi: ufs: Fix possible infinite loop in ufshcd_hold (git-fixes).\n- scsi: ufs: Fix tm request when non-fatal error happens (git-fixes).\n- scsi: ufs: Fix unbalanced scsi_block_reqs_cnt caused by ufshcd_hold() (git-fixes).\n- scsi: ufs: Fix up auto hibern8 enablement (git-fixes).\n- scsi: ufs: Fix wrong print message in dev_err() (git-fixes).\n- scsi: ufs: Improve interrupt handling for shared interrupts (git-fixes).\n- scsi: ufs: Make sure clk scaling happens only when HBA is runtime ACTIVE (git-fixes).\n- scsi: ufs: Make ufshcd_add_command_trace() easier to read (git-fixes).\n- scsi: ufs: delete redundant function ufshcd_def_desc_sizes() (git-fixes).\n- scsi: ufs: fix potential bug which ends in system hang (git-fixes).\n- scsi: ufs: ufs-qcom: Fix race conditions caused by ufs_qcom_testbus_config() (git-fixes).\n- scsi: virtio_scsi: Fix spelling mistake \u0027Unsupport\u0027 -\u003e \u0027Unsupported\u0027 (git-fixes).\n- scsi: vmw_pvscsi: Expand vcpuHint to 16 bits (git-fixes).\n- scsi: vmw_pvscsi: Set correct residual data length (git-fixes).\n- scsi: vmw_pvscsi: Set residual data length conditionally (git-fixes).\n- sctp: fail if no bound addresses can be used for a given scope (bsc#1206677).\n- sctp: sysctl: make extra pointers netns aware (bsc#1204760).\n- update patches.suse/net-mlx5-Allocate-individual-capability (bsc#1195175).\n- update patches.suse/net-mlx5-Dynamically-resize-flow-counters-query-buff (bsc#1195175).\n- update patches.suse/net-mlx5-Fix-flow-counters-SF-bulk-query-len (bsc#1195175).\n- update patches.suse/net-mlx5-Reduce-flow-counters-bulk-query-buffer-size (bsc#1195175).\n- update patches.suse/net-mlx5-Reorganize-current-and-maximal-capabilities (bsc#1195175).\n- update patches.suse/net-mlx5-Use-order-0-allocations-for-EQs (bsc#1195175). Fixed bugzilla reference.\n- vmxnet3: move rss code block under eop descriptor (bsc#1208212).\n- watchdog: diag288_wdt: do not use stack buffers for hardware data (bsc#1207497).\n- watchdog: diag288_wdt: fix __diag288() inline assembly (bsc#1207497).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2023-779,SUSE-SLE-Module-RT-15-SP3-2023-779,SUSE-SUSE-MicroOS-5.1-2023-779,SUSE-SUSE-MicroOS-5.2-2023-779",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_0779-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2023:0779-1",
"url": "https://www.suse.com/support/update/announcement/2023/suse-su-20230779-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2023:0779-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2023-March/014076.html"
},
{
"category": "self",
"summary": "SUSE Bug 1186449",
"url": "https://bugzilla.suse.com/1186449"
},
{
"category": "self",
"summary": "SUSE Bug 1203331",
"url": "https://bugzilla.suse.com/1203331"
},
{
"category": "self",
"summary": "SUSE Bug 1203332",
"url": "https://bugzilla.suse.com/1203332"
},
{
"category": "self",
"summary": "SUSE Bug 1203693",
"url": "https://bugzilla.suse.com/1203693"
},
{
"category": "self",
"summary": "SUSE Bug 1204502",
"url": "https://bugzilla.suse.com/1204502"
},
{
"category": "self",
"summary": "SUSE Bug 1204760",
"url": "https://bugzilla.suse.com/1204760"
},
{
"category": "self",
"summary": "SUSE Bug 1205149",
"url": "https://bugzilla.suse.com/1205149"
},
{
"category": "self",
"summary": "SUSE Bug 1206351",
"url": "https://bugzilla.suse.com/1206351"
},
{
"category": "self",
"summary": "SUSE Bug 1206677",
"url": "https://bugzilla.suse.com/1206677"
},
{
"category": "self",
"summary": "SUSE Bug 1206784",
"url": "https://bugzilla.suse.com/1206784"
},
{
"category": "self",
"summary": "SUSE Bug 1207034",
"url": "https://bugzilla.suse.com/1207034"
},
{
"category": "self",
"summary": "SUSE Bug 1207051",
"url": "https://bugzilla.suse.com/1207051"
},
{
"category": "self",
"summary": "SUSE Bug 1207134",
"url": "https://bugzilla.suse.com/1207134"
},
{
"category": "self",
"summary": "SUSE Bug 1207186",
"url": "https://bugzilla.suse.com/1207186"
},
{
"category": "self",
"summary": "SUSE Bug 1207237",
"url": "https://bugzilla.suse.com/1207237"
},
{
"category": "self",
"summary": "SUSE Bug 1207497",
"url": "https://bugzilla.suse.com/1207497"
},
{
"category": "self",
"summary": "SUSE Bug 1207508",
"url": "https://bugzilla.suse.com/1207508"
},
{
"category": "self",
"summary": "SUSE Bug 1207560",
"url": "https://bugzilla.suse.com/1207560"
},
{
"category": "self",
"summary": "SUSE Bug 1207773",
"url": "https://bugzilla.suse.com/1207773"
},
{
"category": "self",
"summary": "SUSE Bug 1207795",
"url": "https://bugzilla.suse.com/1207795"
},
{
"category": "self",
"summary": "SUSE Bug 1207845",
"url": "https://bugzilla.suse.com/1207845"
},
{
"category": "self",
"summary": "SUSE Bug 1207875",
"url": "https://bugzilla.suse.com/1207875"
},
{
"category": "self",
"summary": "SUSE Bug 1207878",
"url": "https://bugzilla.suse.com/1207878"
},
{
"category": "self",
"summary": "SUSE Bug 1208212",
"url": "https://bugzilla.suse.com/1208212"
},
{
"category": "self",
"summary": "SUSE Bug 1208599",
"url": "https://bugzilla.suse.com/1208599"
},
{
"category": "self",
"summary": "SUSE Bug 1208700",
"url": "https://bugzilla.suse.com/1208700"
},
{
"category": "self",
"summary": "SUSE Bug 1208741",
"url": "https://bugzilla.suse.com/1208741"
},
{
"category": "self",
"summary": "SUSE Bug 1208776",
"url": "https://bugzilla.suse.com/1208776"
},
{
"category": "self",
"summary": "SUSE Bug 1208816",
"url": "https://bugzilla.suse.com/1208816"
},
{
"category": "self",
"summary": "SUSE Bug 1208837",
"url": "https://bugzilla.suse.com/1208837"
},
{
"category": "self",
"summary": "SUSE Bug 1208845",
"url": "https://bugzilla.suse.com/1208845"
},
{
"category": "self",
"summary": "SUSE Bug 1208971",
"url": "https://bugzilla.suse.com/1208971"
},
{
"category": "self",
"summary": "SUSE Bug 1209008",
"url": "https://bugzilla.suse.com/1209008"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-3606 page",
"url": "https://www.suse.com/security/cve/CVE-2022-3606/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-36280 page",
"url": "https://www.suse.com/security/cve/CVE-2022-36280/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-38096 page",
"url": "https://www.suse.com/security/cve/CVE-2022-38096/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-47929 page",
"url": "https://www.suse.com/security/cve/CVE-2022-47929/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0045 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0045/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0179 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0179/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0266 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0266/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0590 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0590/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-0597 page",
"url": "https://www.suse.com/security/cve/CVE-2023-0597/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1076 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1076/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1095 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1095/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1118 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1118/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-1195 page",
"url": "https://www.suse.com/security/cve/CVE-2023-1195/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-22995 page",
"url": "https://www.suse.com/security/cve/CVE-2023-22995/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-22998 page",
"url": "https://www.suse.com/security/cve/CVE-2023-22998/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23000 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23000/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23004 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23004/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23006 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23006/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-23559 page",
"url": "https://www.suse.com/security/cve/CVE-2023-23559/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-25012 page",
"url": "https://www.suse.com/security/cve/CVE-2023-25012/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2023-26545 page",
"url": "https://www.suse.com/security/cve/CVE-2023-26545/"
}
],
"title": "Security update for the Linux Kernel",
"tracking": {
"current_release_date": "2023-03-16T17:02:59Z",
"generator": {
"date": "2023-03-16T17:02:59Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2023:0779-1",
"initial_release_date": "2023-03-16T17:02:59Z",
"revision_history": [
{
"date": "2023-03-16T17:02:59Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-rt-5.3.18-150300.121.1.noarch",
"product": {
"name": "kernel-devel-rt-5.3.18-150300.121.1.noarch",
"product_id": "kernel-devel-rt-5.3.18-150300.121.1.noarch"
}
},
{
"category": "product_version",
"name": "kernel-source-rt-5.3.18-150300.121.1.noarch",
"product": {
"name": "kernel-source-rt-5.3.18-150300.121.1.noarch",
"product_id": "kernel-source-rt-5.3.18-150300.121.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"product_id": "cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "cluster-md-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"product_id": "dlm-kmp-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "dlm-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "dlm-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "dlm-kmp-rt_debug-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"product_id": "gfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "gfs2-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "gfs2-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "gfs2-kmp-rt_debug-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt-devel-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-extra-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt-extra-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt-extra-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-livepatch-devel-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt-livepatch-devel-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt-livepatch-devel-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt-optional-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt-optional-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt-optional-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt_debug-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-extra-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt_debug-extra-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt_debug-extra-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-rt_debug-optional-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-rt_debug-optional-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-rt_debug-optional-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"product_id": "kernel-syms-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kselftests-kmp-rt-5.3.18-150300.121.1.x86_64",
"product_id": "kselftests-kmp-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "kselftests-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "kselftests-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "kselftests-kmp-rt_debug-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"product_id": "ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "ocfs2-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt-5.3.18-150300.121.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt-5.3.18-150300.121.1.x86_64",
"product_id": "reiserfs-kmp-rt-5.3.18-150300.121.1.x86_64"
}
},
{
"category": "product_version",
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product": {
"name": "reiserfs-kmp-rt_debug-5.3.18-150300.121.1.x86_64",
"product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.121.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Real Time Module 15 SP3",
"product": {
"name": "SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-rt:15:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.1",
"product": {
"name": "SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Micro 5.2",
"product": {
"name": "SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-microos:5.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dlm-kmp-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "gfs2-kmp-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-rt-5.3.18-150300.121.1.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch"
},
"product_reference": "kernel-devel-rt-5.3.18-150300.121.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-devel-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64"
},
"product_reference": "kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64"
},
"product_reference": "kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-rt-5.3.18-150300.121.1.noarch as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch"
},
"product_reference": "kernel-source-rt-5.3.18-150300.121.1.noarch",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-syms-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Real Time Module 15 SP3",
"product_id": "SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Real Time Module 15 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Linux Enterprise Micro 5.1",
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-rt-5.3.18-150300.121.1.x86_64 as component of SUSE Linux Enterprise Micro 5.2",
"product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64"
},
"product_reference": "kernel-rt-5.3.18-150300.121.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-3606",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-3606"
}
],
"notes": [
{
"category": "general",
"text": "A vulnerability was found in Linux Kernel. It has been classified as problematic. This affects the function find_prog_by_sec_insn of the file tools/lib/bpf/libbpf.c of the component BPF. The manipulation leads to null pointer dereference. It is recommended to apply a patch to fix this issue. The identifier VDB-211749 was assigned to this vulnerability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-3606",
"url": "https://www.suse.com/security/cve/CVE-2022-3606"
},
{
"category": "external",
"summary": "SUSE Bug 1204502 for CVE-2022-3606",
"url": "https://bugzilla.suse.com/1204502"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-3606"
},
{
"cve": "CVE-2022-36280",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-36280"
}
],
"notes": [
{
"category": "general",
"text": "An out-of-bounds(OOB) memory access vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_kms.c in GPU component in the Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-36280",
"url": "https://www.suse.com/security/cve/CVE-2022-36280"
},
{
"category": "external",
"summary": "SUSE Bug 1203332 for CVE-2022-36280",
"url": "https://bugzilla.suse.com/1203332"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-36280"
},
{
"cve": "CVE-2022-38096",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-38096"
}
],
"notes": [
{
"category": "general",
"text": "A NULL pointer dereference vulnerability was found in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file \u0027/dev/dri/renderD128 (or Dxxx)\u0027. This flaw allows a local attacker with a user account on the system to gain privilege, causing a denial of service(DoS).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-38096",
"url": "https://www.suse.com/security/cve/CVE-2022-38096"
},
{
"category": "external",
"summary": "SUSE Bug 1203331 for CVE-2022-38096",
"url": "https://bugzilla.suse.com/1203331"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-38096"
},
{
"cve": "CVE-2022-47929",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-47929"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 6.1.6, a NULL pointer dereference bug in the traffic control subsystem allows an unprivileged user to trigger a denial of service (system crash) via a crafted traffic control configuration that is set up with \"tc qdisc\" and \"tc class\" commands. This affects qdisc_graft in net/sched/sch_api.c.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-47929",
"url": "https://www.suse.com/security/cve/CVE-2022-47929"
},
{
"category": "external",
"summary": "SUSE Bug 1207237 for CVE-2022-47929",
"url": "https://bugzilla.suse.com/1207237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2022-47929"
},
{
"cve": "CVE-2023-0045",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0045"
}
],
"notes": [
{
"category": "general",
"text": "The current implementation of the prctl syscall does not issue an IBPB immediately during the syscall. The ib_prctl_set function updates the Thread Information Flags (TIFs) for the task and updates the SPEC_CTRL MSR on the function __speculation_ctrl_update, but the IBPB is only issued on the next schedule, when the TIF bits are checked. This leaves the victim vulnerable to values already injected on the BTB, prior to the prctl syscall. The patch that added the support for the conditional mitigation via prctl (ib_prctl_set) dates back to the kernel 4.9.176.\n\nWe recommend upgrading past commit a664ec9158eeddd75121d39c9a0758016097fa96",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0045",
"url": "https://www.suse.com/security/cve/CVE-2023-0045"
},
{
"category": "external",
"summary": "SUSE Bug 1207773 for CVE-2023-0045",
"url": "https://bugzilla.suse.com/1207773"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-0045"
},
{
"cve": "CVE-2023-0179",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0179"
}
],
"notes": [
{
"category": "general",
"text": "A buffer overflow vulnerability was found in the Netfilter subsystem in the Linux Kernel. This issue could allow the leakage of both stack and heap addresses, and potentially allow Local Privilege Escalation to the root user via arbitrary code execution.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0179",
"url": "https://www.suse.com/security/cve/CVE-2023-0179"
},
{
"category": "external",
"summary": "SUSE Bug 1207034 for CVE-2023-0179",
"url": "https://bugzilla.suse.com/1207034"
},
{
"category": "external",
"summary": "SUSE Bug 1207139 for CVE-2023-0179",
"url": "https://bugzilla.suse.com/1207139"
},
{
"category": "external",
"summary": "SUSE Bug 1215208 for CVE-2023-0179",
"url": "https://bugzilla.suse.com/1215208"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "important"
}
],
"title": "CVE-2023-0179"
},
{
"cve": "CVE-2023-0266",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0266"
}
],
"notes": [
{
"category": "general",
"text": "A use after free vulnerability exists in the ALSA PCM package in the Linux Kernel. SNDRV_CTL_IOCTL_ELEM_{READ|WRITE}32 is missing locks that can be used in a use-after-free that can result in a priviledge escalation to gain ring0 access from the system user. We recommend upgrading past commit 56b88b50565cd8b946a2d00b0c83927b7ebb055e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0266",
"url": "https://www.suse.com/security/cve/CVE-2023-0266"
},
{
"category": "external",
"summary": "SUSE Bug 1207134 for CVE-2023-0266",
"url": "https://bugzilla.suse.com/1207134"
},
{
"category": "external",
"summary": "SUSE Bug 1207190 for CVE-2023-0266",
"url": "https://bugzilla.suse.com/1207190"
},
{
"category": "external",
"summary": "SUSE Bug 1214128 for CVE-2023-0266",
"url": "https://bugzilla.suse.com/1214128"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "important"
}
],
"title": "CVE-2023-0266"
},
{
"cve": "CVE-2023-0590",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0590"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 (\"net: sched: fix race condition in qdisc_graft()\") not applied yet, then kernel could be affected.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0590",
"url": "https://www.suse.com/security/cve/CVE-2023-0590"
},
{
"category": "external",
"summary": "SUSE Bug 1207036 for CVE-2023-0590",
"url": "https://bugzilla.suse.com/1207036"
},
{
"category": "external",
"summary": "SUSE Bug 1207795 for CVE-2023-0590",
"url": "https://bugzilla.suse.com/1207795"
},
{
"category": "external",
"summary": "SUSE Bug 1207822 for CVE-2023-0590",
"url": "https://bugzilla.suse.com/1207822"
},
{
"category": "external",
"summary": "SUSE Bug 1211495 for CVE-2023-0590",
"url": "https://bugzilla.suse.com/1211495"
},
{
"category": "external",
"summary": "SUSE Bug 1211833 for CVE-2023-0590",
"url": "https://bugzilla.suse.com/1211833"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "important"
}
],
"title": "CVE-2023-0590"
},
{
"cve": "CVE-2023-0597",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-0597"
}
],
"notes": [
{
"category": "general",
"text": "A flaw possibility of memory leak in the Linux kernel cpu_entry_area mapping of X86 CPU data to memory was found in the way user can guess location of exception stack(s) or other important data. A local user could use this flaw to get access to some important data with expected location in memory.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-0597",
"url": "https://www.suse.com/security/cve/CVE-2023-0597"
},
{
"category": "external",
"summary": "SUSE Bug 1207845 for CVE-2023-0597",
"url": "https://bugzilla.suse.com/1207845"
},
{
"category": "external",
"summary": "SUSE Bug 1212395 for CVE-2023-0597",
"url": "https://bugzilla.suse.com/1212395"
},
{
"category": "external",
"summary": "SUSE Bug 1213271 for CVE-2023-0597",
"url": "https://bugzilla.suse.com/1213271"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-0597"
},
{
"cve": "CVE-2023-1076",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1076"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in the Linux Kernel. The tun/tap sockets have their socket UID hardcoded to 0 due to a type confusion in their initialization function. While it will be often correct, as tuntap devices require CAP_NET_ADMIN, it may not always be the case, e.g., a non-root user only having that capability. This would make tun/tap sockets being incorrectly treated in filtering/routing decisions, possibly bypassing network filters.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1076",
"url": "https://www.suse.com/security/cve/CVE-2023-1076"
},
{
"category": "external",
"summary": "SUSE Bug 1208599 for CVE-2023-1076",
"url": "https://bugzilla.suse.com/1208599"
},
{
"category": "external",
"summary": "SUSE Bug 1214019 for CVE-2023-1076",
"url": "https://bugzilla.suse.com/1214019"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-1076"
},
{
"cve": "CVE-2023-1095",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1095"
}
],
"notes": [
{
"category": "general",
"text": "In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1095",
"url": "https://www.suse.com/security/cve/CVE-2023-1095"
},
{
"category": "external",
"summary": "SUSE Bug 1208777 for CVE-2023-1095",
"url": "https://bugzilla.suse.com/1208777"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-1095"
},
{
"cve": "CVE-2023-1118",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1118"
}
],
"notes": [
{
"category": "general",
"text": "A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1118",
"url": "https://www.suse.com/security/cve/CVE-2023-1118"
},
{
"category": "external",
"summary": "SUSE Bug 1208837 for CVE-2023-1118",
"url": "https://bugzilla.suse.com/1208837"
},
{
"category": "external",
"summary": "SUSE Bug 1208910 for CVE-2023-1118",
"url": "https://bugzilla.suse.com/1208910"
},
{
"category": "external",
"summary": "SUSE Bug 1210423 for CVE-2023-1118",
"url": "https://bugzilla.suse.com/1210423"
},
{
"category": "external",
"summary": "SUSE Bug 1211495 for CVE-2023-1118",
"url": "https://bugzilla.suse.com/1211495"
},
{
"category": "external",
"summary": "SUSE Bug 1213841 for CVE-2023-1118",
"url": "https://bugzilla.suse.com/1213841"
},
{
"category": "external",
"summary": "SUSE Bug 1213842 for CVE-2023-1118",
"url": "https://bugzilla.suse.com/1213842"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "important"
}
],
"title": "CVE-2023-1118"
},
{
"cve": "CVE-2023-1195",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-1195"
}
],
"notes": [
{
"category": "general",
"text": "A use-after-free flaw was found in reconn_set_ipaddr_from_hostname in fs/cifs/connect.c in the Linux kernel. The issue occurs when it forgets to set the free pointer server-\u003ehostname to NULL, leading to an invalid pointer request.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-1195",
"url": "https://www.suse.com/security/cve/CVE-2023-1195"
},
{
"category": "external",
"summary": "SUSE Bug 1208971 for CVE-2023-1195",
"url": "https://bugzilla.suse.com/1208971"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.2,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-1195"
},
{
"cve": "CVE-2023-22995",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-22995"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.17, an error path in dwc3_qcom_acpi_register_core in drivers/usb/dwc3/dwc3-qcom.c lacks certain platform_device_put and kfree calls.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-22995",
"url": "https://www.suse.com/security/cve/CVE-2023-22995"
},
{
"category": "external",
"summary": "SUSE Bug 1208741 for CVE-2023-22995",
"url": "https://bugzilla.suse.com/1208741"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-22995"
},
{
"cve": "CVE-2023-22998",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-22998"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 6.0.3, drivers/gpu/drm/virtio/virtgpu_object.c misinterprets the drm_gem_shmem_get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-22998",
"url": "https://www.suse.com/security/cve/CVE-2023-22998"
},
{
"category": "external",
"summary": "SUSE Bug 1208776 for CVE-2023-22998",
"url": "https://bugzilla.suse.com/1208776"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-22998"
},
{
"cve": "CVE-2023-23000",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23000"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.17, drivers/phy/tegra/xusb.c mishandles the tegra_xusb_find_port_node return value. Callers expect NULL in the error case, but an error pointer is used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23000",
"url": "https://www.suse.com/security/cve/CVE-2023-23000"
},
{
"category": "external",
"summary": "SUSE Bug 1208816 for CVE-2023-23000",
"url": "https://bugzilla.suse.com/1208816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 2.9,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-23000"
},
{
"cve": "CVE-2023-23004",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23004"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.19, drivers/gpu/drm/arm/malidp_planes.c misinterprets the get_sg_table return value (expects it to be NULL in the error case, whereas it is actually an error pointer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23004",
"url": "https://www.suse.com/security/cve/CVE-2023-23004"
},
{
"category": "external",
"summary": "SUSE Bug 1208843 for CVE-2023-23004",
"url": "https://bugzilla.suse.com/1208843"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-23004"
},
{
"cve": "CVE-2023-23006",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23006"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 5.15.13, drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c misinterprets the mlx5_get_uars_page return value (expects it to be NULL in the error case, whereas it is actually an error pointer).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23006",
"url": "https://www.suse.com/security/cve/CVE-2023-23006"
},
{
"category": "external",
"summary": "SUSE Bug 1208845 for CVE-2023-23006",
"url": "https://bugzilla.suse.com/1208845"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-23006"
},
{
"cve": "CVE-2023-23559",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-23559"
}
],
"notes": [
{
"category": "general",
"text": "In rndis_query_oid in drivers/net/wireless/rndis_wlan.c in the Linux kernel through 6.1.5, there is an integer overflow in an addition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-23559",
"url": "https://www.suse.com/security/cve/CVE-2023-23559"
},
{
"category": "external",
"summary": "SUSE Bug 1207051 for CVE-2023-23559",
"url": "https://bugzilla.suse.com/1207051"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-23559"
},
{
"cve": "CVE-2023-25012",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-25012"
}
],
"notes": [
{
"category": "general",
"text": "The Linux kernel through 6.1.9 has a Use-After-Free in bigben_remove in drivers/hid/hid-bigbenff.c via a crafted USB device because the LED controllers remain registered for too long.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-25012",
"url": "https://www.suse.com/security/cve/CVE-2023-25012"
},
{
"category": "external",
"summary": "SUSE Bug 1207560 for CVE-2023-25012",
"url": "https://bugzilla.suse.com/1207560"
},
{
"category": "external",
"summary": "SUSE Bug 1207846 for CVE-2023-25012",
"url": "https://bugzilla.suse.com/1207846"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "moderate"
}
],
"title": "CVE-2023-25012"
},
{
"cve": "CVE-2023-26545",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2023-26545"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel before 6.1.13, there is a double free in net/mpls/af_mpls.c upon an allocation failure (for registering the sysctl table under a new location) during the renaming of a device.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2023-26545",
"url": "https://www.suse.com/security/cve/CVE-2023-26545"
},
{
"category": "external",
"summary": "SUSE Bug 1208700 for CVE-2023-26545",
"url": "https://bugzilla.suse.com/1208700"
},
{
"category": "external",
"summary": "SUSE Bug 1208909 for CVE-2023-26545",
"url": "https://bugzilla.suse.com/1208909"
},
{
"category": "external",
"summary": "SUSE Bug 1210423 for CVE-2023-26545",
"url": "https://bugzilla.suse.com/1210423"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:cluster-md-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:dlm-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:gfs2-kmp-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-devel-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-rt_debug-devel-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:kernel-source-rt-5.3.18-150300.121.1.noarch",
"SUSE Real Time Module 15 SP3:kernel-syms-rt-5.3.18-150300.121.1.x86_64",
"SUSE Real Time Module 15 SP3:ocfs2-kmp-rt-5.3.18-150300.121.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2023-03-16T17:02:59Z",
"details": "important"
}
],
"title": "CVE-2023-26545"
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…