csaf_suse - suse-su-2023:2701-1

suse-su-2023:2701-1

Vulnerability from csaf_suse

Published

2023-06-29 01:34

Modified

2023-06-29 01:34

Summary

Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3)

Notes

Title of the patch

Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3)

Description of the patch

This update for the Linux Kernel 5.3.18-150300_59_115 fixes several issues. The following security issues were fixed: - CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779). - CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452).

Patchnames

SUSE-2023-2701,SUSE-SLE-Module-Live-Patching-15-SP3-2023-2701

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3)",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for the Linux Kernel 5.3.18-150300_59_115 fixes several issues.\n\nThe following security issues were fixed:\n\n- CVE-2022-4744: Fixed double-free that could lead to DoS or privilege escalation in TUN/TAP device driver functionality (bsc#1209672).\n- CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210989).\n- CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1210779).\n- CVE-2023-28466: Fixed race condition that could lead to use-after-free or NULL pointer dereference in do_tls_getsockopt in net/tls/tls_main.c (bsc#1210452).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-2701,SUSE-SLE-Module-Live-Patching-15-SP3-2023-2701",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_2701-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:2701-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20232701-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:2701-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2023-June/015369.html"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1209672",
        "url": "https://bugzilla.suse.com/1209672"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210452",
        "url": "https://bugzilla.suse.com/1210452"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210779",
        "url": "https://bugzilla.suse.com/1210779"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1210989",
        "url": "https://bugzilla.suse.com/1210989"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-4744 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-4744/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-1390 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-1390/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-28466 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-28466/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-31436 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-31436/"
      }
    ],
    "title": "Security update for the Linux Kernel (Live Patch 30 for SLE 15 SP3)",
    "tracking": {
      "current_release_date": "2023-06-29T01:34:51Z",
      "generator": {
        "date": "2023-06-29T01:34:51Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:2701-1",
      "initial_release_date": "2023-06-29T01:34:51Z",
      "revision_history": [
        {
          "date": "2023-06-29T01:34:51Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kernel-livepatch-5_3_18-150300_59_115-preempt-4-150300.2.1.x86_64",
                "product": {
                  "name": "kernel-livepatch-5_3_18-150300_59_115-preempt-4-150300.2.1.x86_64",
                  "product_id": "kernel-livepatch-5_3_18-150300_59_115-preempt-4-150300.2.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                "product": {
                  "name": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_id": "SUSE Linux Enterprise Live Patching 15 SP3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-live-patching:15:sp3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64 as component of SUSE Linux Enterprise Live Patching 15 SP3",
          "product_id": "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
        },
        "product_reference": "kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Live Patching 15 SP3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-4744",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-4744"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A double-free flaw was found in the Linux kernel\u0027s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-4744",
          "url": "https://www.suse.com/security/cve/CVE-2022-4744"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209635 for CVE-2022-4744",
          "url": "https://bugzilla.suse.com/1209635"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209672 for CVE-2022-4744",
          "url": "https://bugzilla.suse.com/1209672"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211833 for CVE-2022-4744",
          "url": "https://bugzilla.suse.com/1211833"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-29T01:34:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2022-4744"
    },
    {
      "cve": "CVE-2023-1390",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-1390"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A remote denial of service vulnerability was found in the Linux kernel\u0027s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-1390",
          "url": "https://www.suse.com/security/cve/CVE-2023-1390"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209289 for CVE-2023-1390",
          "url": "https://bugzilla.suse.com/1209289"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210779 for CVE-2023-1390",
          "url": "https://bugzilla.suse.com/1210779"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211495 for CVE-2023-1390",
          "url": "https://bugzilla.suse.com/1211495"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-29T01:34:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-1390"
    },
    {
      "cve": "CVE-2023-28466",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-28466"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-28466",
          "url": "https://www.suse.com/security/cve/CVE-2023-28466"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1209366 for CVE-2023-28466",
          "url": "https://bugzilla.suse.com/1209366"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210452 for CVE-2023-28466",
          "url": "https://bugzilla.suse.com/1210452"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211833 for CVE-2023-28466",
          "url": "https://bugzilla.suse.com/1211833"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213841 for CVE-2023-28466",
          "url": "https://bugzilla.suse.com/1213841"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-29T01:34:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-28466"
    },
    {
      "cve": "CVE-2023-31436",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-31436"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
          "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-31436",
          "url": "https://www.suse.com/security/cve/CVE-2023-31436"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1210940 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1210940"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1211260 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1211260"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213841 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1213841"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1213842 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1213842"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1214128 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1214128"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1223091 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1223091"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1224419 for CVE-2023-31436",
          "url": "https://bugzilla.suse.com/1224419"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.ppc64le",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.s390x",
            "SUSE Linux Enterprise Live Patching 15 SP3:kernel-livepatch-5_3_18-150300_59_115-default-4-150300.2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-06-29T01:34:51Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-31436"
    }
  ]
}

CVE-2023-31436 (GCVE-0-2023-31436)

Vulnerability from cvelistv5

Published

2023-04-28 00:00

Modified

2024-10-21 16:01

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX.

References

►

URL

Tags

	https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d
	https://www.spinics.net/lists/stable-commits/msg294885.html
	https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13
	https://www.debian.org/security/2023/dsa-5402	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html	mailing-list
	https://security.netapp.com/advisory/ntap-20230609-0001/
	http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html
	http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html
	http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T14:53:30.606Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.spinics.net/lists/stable-commits/msg294885.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13"
          },
          {
            "name": "DSA-5402",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5402"
          },
          {
            "name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230609-0001/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-31436",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:15:52.761316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-787",
                "description": "CWE-787 Out-of-bounds Write",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-21T16:01:13.471Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-29T15:06:30.285764",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/torvalds/linux/commit/3037933448f60f9acb705997eae62013ecb81e0d"
        },
        {
          "url": "https://www.spinics.net/lists/stable-commits/msg294885.html"
        },
        {
          "url": "https://cdn.kernel.org/pub/linux/kernel/v6.x/ChangeLog-6.2.13"
        },
        {
          "name": "DSA-5402",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5402"
        },
        {
          "name": "[debian-lts-announce] 20230605 [SECURITY] [DLA 3446-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00008.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230609-0001/"
        },
        {
          "url": "http://packetstormsecurity.com/files/173087/Kernel-Live-Patch-Security-Notice-LSN-0095-1.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/173757/Kernel-Live-Patch-Security-Notice-LSN-0096-1.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/175963/Kernel-Live-Patch-Security-Notice-LSN-0099-1.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-31436",
    "datePublished": "2023-04-28T00:00:00",
    "dateReserved": "2023-04-28T00:00:00",
    "dateUpdated": "2024-10-21T16:01:13.471Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-1390 (GCVE-0-2023-1390)

Vulnerability from cvelistv5

Published

2023-03-16 00:00

Modified

2025-04-23 16:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-1050

Summary

A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition.

References

►

URL

Tags

	https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5
	https://infosec.exchange/%40_mattata/109427999461122360
	https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6
	https://security.netapp.com/advisory/ntap-20230420-0001/

Impacted products

	Vendor	Product	Version
	n/a	Linux kernel (TIPC kernel module)	Version: Fixed in kernel 5.11-rc4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T05:49:11.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://infosec.exchange/%40_mattata/109427999461122360"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230420-0001/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-1390",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:26:35.899836Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:23:37.728Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Linux kernel (TIPC kernel module)",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in kernel 5.11-rc4"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A remote denial of service vulnerability was found in the Linux kernel\u2019s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-1050",
              "description": "CWE-1050",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-20T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://gist.github.com/netspooky/bee2d07022f6350bb88eaa48e571d9b5"
        },
        {
          "url": "https://infosec.exchange/%40_mattata/109427999461122360"
        },
        {
          "url": "https://github.com/torvalds/linux/commit/b77413446408fdd256599daf00d5be72b5f3e7c6"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230420-0001/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2023-1390",
    "datePublished": "2023-03-16T00:00:00.000Z",
    "dateReserved": "2023-03-14T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:23:37.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-4744 (GCVE-0-2022-4744)

Vulnerability from cvelistv5

Published

2023-03-30 00:00

Modified

2025-02-14 15:45

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-460 - -> CWE-824

Summary

A double-free flaw was found in the Linux kernel’s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system.

References

►

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e
	http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html
	https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html	mailing-list
	https://security.netapp.com/advisory/ntap-20230526-0009/

Impacted products

	Vendor	Product	Version
	n/a	Kernel	Version: Linux kernel 5.16-rc7

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T01:48:40.427Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"
          },
          {
            "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230526-0009/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2022-4744",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-02-14T15:43:44.084722Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-02-14T15:45:30.671Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Kernel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Linux kernel 5.16-rc7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A double-free flaw was found in the Linux kernel\u2019s TUN/TAP device driver functionality in how a user registers the device when the register_netdevice function fails (NETDEV_REGISTER notifier). This flaw allows a local user to crash or potentially escalate their privileges on the system."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-460",
              "description": "CWE-460 -\u003e CWE-824",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-26T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/netdev/net.git/commit/?id=158b515f703e"
        },
        {
          "url": "http://packetstormsecurity.com/files/171912/CentOS-Stream-9-Missing-Kernel-Security-Fix.html"
        },
        {
          "name": "[debian-lts-announce] 20230503 [SECURITY] [DLA 3403-1] linux security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00006.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230526-0009/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2022-4744",
    "datePublished": "2023-03-30T00:00:00.000Z",
    "dateReserved": "2022-12-26T00:00:00.000Z",
    "dateUpdated": "2025-02-14T15:45:30.671Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-28466 (GCVE-0-2023-28466)

Vulnerability from cvelistv5

Published

2023-03-15 00:00

Modified

2025-05-05 16:02

Severity ?

7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

Summary

do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference).

References

►

URL

Tags

	https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962
	https://security.netapp.com/advisory/ntap-20230427-0006/
	https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html	mailing-list

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T12:38:25.383Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230427-0006/"
          },
          {
            "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "HIGH",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2023-28466",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:28:51.923048Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-476",
                "description": "CWE-476 NULL Pointer Dereference",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-05-05T16:02:32.757Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "do_tls_getsockopt in net/tls/tls_main.c in the Linux kernel through 6.2.6 lacks a lock_sock call, leading to a race condition (with a resultant use-after-free or NULL pointer dereference)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-03T00:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit?id=49c47cc21b5b7a3d8deb18fc57b0aa2ab1286962"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230427-0006/"
        },
        {
          "name": "[debian-lts-announce] 20230502 [SECURITY] [DLA 3404-1] linux-5.10 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00005.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2023-28466",
    "datePublished": "2023-03-15T00:00:00.000Z",
    "dateReserved": "2023-03-15T00:00:00.000Z",
    "dateUpdated": "2025-05-05T16:02:32.757Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

suse-su-2023:2701-1

Vulnerability from csaf_suse

CVE-2023-31436 (GCVE-0-2023-31436)

Vulnerability from cvelistv5

CVE-2023-1390 (GCVE-0-2023-1390)

Vulnerability from cvelistv5

CVE-2022-4744 (GCVE-0-2022-4744)

Vulnerability from cvelistv5

CVE-2023-28466 (GCVE-0-2023-28466)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature