suse-su-2023:3421-1
Vulnerability from csaf_suse
Published
2023-08-24 08:55
Modified
2023-08-24 08:55
Summary
Security update for the Linux Kernel
Notes
Title of the patch
Security update for the Linux Kernel
Description of the patch
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.
The following security bugs were fixed:
- CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).
- CVE-2022-40982: Fixed transient execution attack called 'Gather Data Sampling' (bsc#1206418).
- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).
- CVE-2023-20569: Fixed side channel attack ‘Inception’ or ‘RAS Poisoning’ (bsc#1213287).
- CVE-2023-20593: Fixed a ZenBleed issue in 'Zen 2' CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).
- CVE-2023-2985: Fixed a use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).
- CVE-2023-3117: Fixed a use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).
- CVE-2023-31248: Fixed a use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).
- CVE-2023-3390: Fixed a use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause a privilege escalation issue (bsc#1212846).
- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).
- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).
- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).
- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq (bsc#1213585).
- CVE-2023-3776: Fixed an improper refcount update in cls_fw that leads to a use-after-free (bsc#1213588).
- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).
The following non-security bugs were fixed:
- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- get module prefix from kmod (bsc#1212835).
- remove more packaging cruft for sle < 12 sp3
- block, bfq: fix division by zero error on zero wsum (bsc#1213653).
- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).
- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).
- init: provide arch_cpu_finalize_init() (bsc#1206418).
- init: remove check_bugs() leftovers (bsc#1206418).
- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).
- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf ('rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps')
- kernel-docs: add buildrequires on python3-base when using python3; the python3 binary is provided by python3-base.
- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).
- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).
- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).
- locking/rwsem: add __always_inline annotation to __down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).
- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).
- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).
- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).
- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).
- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).
- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).
- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).
- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).
- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).
- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).
- locking/rwsem: remove reader optimistic spinning (bsc#1207270 jsc#ped-4567).
- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).
- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).
- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).
- net: mana: add support for vlan tagging (bsc#1212301).
- ocfs2: fix a deadlock when commit trans (bsc#1199304).
- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).
- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).
- rpm/check-for-config-changes: ignore also pahole_has_*; we now also have options like config_pahole_has_lang_exclude.
- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe; they depend on config_toolchain_has_*.
- rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).
- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).
- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).
- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).
- ubi: ensure that vid header offset + vid header size <= alloc, size (bsc#1210584).
- usrmerge: adjust module path in the kernel sources (bsc#1212835).
- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).
- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).
- x86/microcode/AMD: Make stub function static inline (bsc#1213868).
Patchnames
SUSE-2023-3421,SUSE-SUSE-MicroOS-5.1-2023-3421,SUSE-SUSE-MicroOS-5.2-2023-3421
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{ "document": { "aggregate_severity": { "namespace": "https://www.suse.com/support/security/rating/", "text": "important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "Copyright 2024 SUSE LLC. All rights reserved.", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "summary", "text": "Security update for the Linux Kernel", "title": "Title of the patch" }, { "category": "description", "text": "\n\nThe SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes.\n\n\nThe following security bugs were fixed:\n\n- CVE-2023-2156: Fixed IPv6 RPL Protocol Reachable Assertion Denial-of-Service Vulnerability (bsc#1211131).\n- CVE-2022-40982: Fixed transient execution attack called \u0027Gather Data Sampling\u0027 (bsc#1206418).\n- CVE-2023-0459: Fixed information leak in __uaccess_begin_nospec (bsc#1211738).\n- CVE-2023-20569: Fixed side channel attack \u2018Inception\u2019 or \u2018RAS Poisoning\u2019 (bsc#1213287).\n- CVE-2023-20593: Fixed a ZenBleed issue in \u0027Zen 2\u0027 CPUs that could allow an attacker to potentially access sensitive information (bsc#1213286).\n- CVE-2023-2985: Fixed an use-after-free vulnerability in hfsplus_put_super in fs/hfsplus/super.c that could allow a local user to cause a denial of service (bsc#1211867).\n- CVE-2023-3117: Fixed an use-after-free vulnerability in the netfilter subsystem when processing named and anonymous sets in batch requests that could allow a local user with CAP_NET_ADMIN capability to crash or potentially escalate their privileges on the system (bsc#1213245).\n- CVE-2023-31248: Fixed an use-after-free vulnerability in nft_chain_lookup_byid that could allow a local attacker to escalate their privilege (bsc#1213061).\n- CVE-2023-3390: Fixed an use-after-free vulnerability in the netfilter subsystem in net/netfilter/nf_tables_api.c that could allow a local attacker with user access to cause 
a privilege escalation issue (bsc#1212846).\n- CVE-2023-35001: Fixed an out-of-bounds memory access flaw in nft_byteorder that could allow a local attacker to escalate their privilege (bsc#1213059).\n- CVE-2023-3567: Fixed a use-after-free in vcs_read in drivers/tty/vt/vc_screen.c (bsc#1213167).\n- CVE-2023-3609: Fixed reference counter leak leading to overflow in net/sched (bsc#1213586).\n- CVE-2023-3611: Fixed an out-of-bounds write in net/sched sch_qfq(bsc#1213585).\n- CVE-2023-3776: Fixed improper refcount update in cls_fw leads to use-after-free (bsc#1213588).\n- CVE-2023-3812: Fixed an out-of-bounds memory access flaw in the TUN/TAP device driver functionality that could allow a local user to crash or potentially escalate their privileges on the system (bsc#1213543).\n\nThe following non-security bugs were fixed:\n\n- arm: cpu: switch to arch_cpu_finalize_init() (bsc#1206418).\n- get module prefix from kmod (bsc#1212835).\n- remove more packaging cruft for sle \u0026lt; 12 sp3\n- block, bfq: fix division by zero error on zero wsum (bsc#1213653).\n- init, x86: move mem_encrypt_init() into arch_cpu_finalize_init() (bsc#1206418).\n- init: invoke arch_cpu_finalize_init() earlier (bsc#1206418).\n- init: provide arch_cpu_finalize_init() (bsc#1206418).\n- init: remove check_bugs() leftovers (bsc#1206418).\n- jbd2: export jbd2_journal_[grab|put]_journal_head (bsc#1199304).\n- kernel-binary.spec.in: remove superfluous %% in supplements fixes: 02b7735e0caf (\u0027rpm/kernel-binary.spec.in: add enhances and supplements tags to in-tree kmps\u0027)\n- kernel-docs: add buildrequires on python3-base when using python3 the python3 binary is provided by python3-base.\n- kernel-docs: use python3 together with python3-sphinx (bsc#1212741).\n- keys: do not cache key in task struct if key is requested from kernel thread (bsc#1213354).\n- lockdep: add preemption enabled/disabled assertion apis (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: add __always_inline annotation to 
__down_read_common() and inlined callers (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: allow slowpath writer to ignore handoff bit if not set by first waiter (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: always try to wake waiters in out_nolock path (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: better collate rwsem_read_trylock() (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: conditionally wake waiters in reader/writer slowpaths (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: disable preemption for spinning region (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: disable preemption in all down_read*() and up_read() code paths (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: disable preemption in all down_write*() and up_write() code paths (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: disable preemption while trying for rwsem lock (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: enable reader optimistic lock stealing (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: fix comment typo (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: fix comments about reader optimistic lock stealing conditions (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: fold __down_{read,write}*() (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: introduce rwsem_write_trylock() (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: make handoff bit handling more consistent (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: no need to check for handoff bit if wait queue empty (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: optimize down_read_trylock() under highly contended case (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: pass the current atomic count to rwsem_down_read_slowpath() (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: prevent non-first waiter from spinning in down_write() slowpath (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: prevent potential lock starvation (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: remove an unused parameter of rwsem_wake() (bsc#1207270 jsc#ped-4567).\n- locking/rwsem: remove reader optimistic spinning 
(bsc#1207270 jsc#ped-4567).\n- locking: add missing __sched attributes (bsc#1207270 jsc#ped-4567).\n- locking: remove rcu_read_{,un}lock() for preempt_{dis,en}able() (bsc#1207270 jsc#ped-4567).\n- net/sched: sch_qfq: refactor parsing of netlink parameters (bsc#1213585).\n- net: mana: add support for vlan tagging (bsc#1212301).\n- ocfs2: fix a deadlock when commit trans (bsc#1199304).\n- ocfs2: fix defrag path triggering jbd2 assert (bsc#1199304).\n- ocfs2: fix race between searching chunks and release journal_head from buffer_head (bsc#1199304).\n- rpm/check-for-config-changes: ignore also pahole_has_* we now also have options like config_pahole_has_lang_exclude.\n- rpm/check-for-config-changes: ignore also riscv_isa_* and dynamic_sigframe they depend on config_toolchain_has_*.\n- rwsem-rt: implement down_read_interruptible (bsc#1207270, jsc#ped-4567, sle realtime extension).\n- rwsem: implement down_read_interruptible (bsc#1207270 jsc#ped-4567).\n- rwsem: implement down_read_killable_nested (bsc#1207270 jsc#ped-4567).\n- ubi: fix failure attaching when vid_hdr offset equals to (sub)page size (bsc#1210584).\n- ubi: ensure that vid header offset + vid header size \u0026lt;= alloc, size (bsc#1210584).\n- usrmerge: adjust module path in the kernel sources (bsc#1212835).\n- x86/cpu: switch to arch_cpu_finalize_init() (bsc#1206418).\n- x86/fpu: remove cpuinfo argument from init functions (bsc#1206418).\n- x86/microcode/AMD: Make stub function static inline (bsc#1213868).\n", "title": "Description of the patch" }, { "category": "details", "text": "SUSE-2023-3421,SUSE-SUSE-MicroOS-5.1-2023-3421,SUSE-SUSE-MicroOS-5.2-2023-3421", "title": "Patchnames" }, { "category": "legal_disclaimer", "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).", "title": "Terms of use" } ], "publisher": { "category": "vendor", "contact_details": "https://www.suse.com/support/security/contact/", "name": "SUSE Product Security Team", 
"namespace": "https://www.suse.com/" }, "references": [ { "category": "external", "summary": "SUSE ratings", "url": "https://www.suse.com/support/security/rating/" }, { "category": "self", "summary": "URL of this CSAF notice", "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_3421-1.json" }, { "category": "self", "summary": "URL for SUSE-SU-2023:3421-1", "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20233421-1/" }, { "category": "self", "summary": "E-Mail link for SUSE-SU-2023:3421-1", "url": "https://lists.suse.com/pipermail/sle-updates/2023-August/031178.html" }, { "category": "self", "summary": "SUSE Bug 1199304", "url": "https://bugzilla.suse.com/1199304" }, { "category": "self", "summary": "SUSE Bug 1206418", "url": "https://bugzilla.suse.com/1206418" }, { "category": "self", "summary": "SUSE Bug 1207270", "url": "https://bugzilla.suse.com/1207270" }, { "category": "self", "summary": "SUSE Bug 1210584", "url": "https://bugzilla.suse.com/1210584" }, { "category": "self", "summary": "SUSE Bug 1211131", "url": "https://bugzilla.suse.com/1211131" }, { "category": "self", "summary": "SUSE Bug 1211738", "url": "https://bugzilla.suse.com/1211738" }, { "category": "self", "summary": "SUSE Bug 1211867", "url": "https://bugzilla.suse.com/1211867" }, { "category": "self", "summary": "SUSE Bug 1212301", "url": "https://bugzilla.suse.com/1212301" }, { "category": "self", "summary": "SUSE Bug 1212741", "url": "https://bugzilla.suse.com/1212741" }, { "category": "self", "summary": "SUSE Bug 1212835", "url": "https://bugzilla.suse.com/1212835" }, { "category": "self", "summary": "SUSE Bug 1212846", "url": "https://bugzilla.suse.com/1212846" }, { "category": "self", "summary": "SUSE Bug 1213059", "url": "https://bugzilla.suse.com/1213059" }, { "category": "self", "summary": "SUSE Bug 1213061", "url": "https://bugzilla.suse.com/1213061" }, { "category": "self", "summary": "SUSE Bug 1213167", "url": "https://bugzilla.suse.com/1213167" 
}, { "category": "self", "summary": "SUSE Bug 1213245", "url": "https://bugzilla.suse.com/1213245" }, { "category": "self", "summary": "SUSE Bug 1213286", "url": "https://bugzilla.suse.com/1213286" }, { "category": "self", "summary": "SUSE Bug 1213287", "url": "https://bugzilla.suse.com/1213287" }, { "category": "self", "summary": "SUSE Bug 1213354", "url": "https://bugzilla.suse.com/1213354" }, { "category": "self", "summary": "SUSE Bug 1213543", "url": "https://bugzilla.suse.com/1213543" }, { "category": "self", "summary": "SUSE Bug 1213585", "url": "https://bugzilla.suse.com/1213585" }, { "category": "self", "summary": "SUSE Bug 1213586", "url": "https://bugzilla.suse.com/1213586" }, { "category": "self", "summary": "SUSE Bug 1213588", "url": "https://bugzilla.suse.com/1213588" }, { "category": "self", "summary": "SUSE Bug 1213653", "url": "https://bugzilla.suse.com/1213653" }, { "category": "self", "summary": "SUSE Bug 1213868", "url": "https://bugzilla.suse.com/1213868" }, { "category": "self", "summary": "SUSE CVE CVE-2022-40982 page", "url": "https://www.suse.com/security/cve/CVE-2022-40982/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-0459 page", "url": "https://www.suse.com/security/cve/CVE-2023-0459/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-20569 page", "url": "https://www.suse.com/security/cve/CVE-2023-20569/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-20593 page", "url": "https://www.suse.com/security/cve/CVE-2023-20593/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-2156 page", "url": "https://www.suse.com/security/cve/CVE-2023-2156/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-2985 page", "url": "https://www.suse.com/security/cve/CVE-2023-2985/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-3117 page", "url": "https://www.suse.com/security/cve/CVE-2023-3117/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-31248 page", "url": "https://www.suse.com/security/cve/CVE-2023-31248/" 
}, { "category": "self", "summary": "SUSE CVE CVE-2023-3390 page", "url": "https://www.suse.com/security/cve/CVE-2023-3390/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-35001 page", "url": "https://www.suse.com/security/cve/CVE-2023-35001/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-3567 page", "url": "https://www.suse.com/security/cve/CVE-2023-3567/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-3609 page", "url": "https://www.suse.com/security/cve/CVE-2023-3609/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-3611 page", "url": "https://www.suse.com/security/cve/CVE-2023-3611/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-3776 page", "url": "https://www.suse.com/security/cve/CVE-2023-3776/" }, { "category": "self", "summary": "SUSE CVE CVE-2023-3812 page", "url": "https://www.suse.com/security/cve/CVE-2023-3812/" } ], "title": "Security update for the Linux Kernel", "tracking": { "current_release_date": "2023-08-24T08:55:49Z", "generator": { "date": "2023-08-24T08:55:49Z", "engine": { "name": "cve-database.git:bin/generate-csaf.pl", "version": "1" } }, "id": "SUSE-SU-2023:3421-1", "initial_release_date": "2023-08-24T08:55:49Z", "revision_history": [ { "date": "2023-08-24T08:55:49Z", "number": "1", "summary": "Current version" } ], "status": "final", "version": "1" } }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_version", "name": "kernel-devel-rt-5.3.18-150300.138.2.noarch", "product": { "name": "kernel-devel-rt-5.3.18-150300.138.2.noarch", "product_id": "kernel-devel-rt-5.3.18-150300.138.2.noarch" } }, { "category": "product_version", "name": "kernel-source-rt-5.3.18-150300.138.2.noarch", "product": { "name": "kernel-source-rt-5.3.18-150300.138.2.noarch", "product_id": "kernel-source-rt-5.3.18-150300.138.2.noarch" } } ], "category": "architecture", "name": "noarch" }, { "branches": [ { "category": "product_version", "name": "cluster-md-kmp-rt-5.3.18-150300.138.3.x86_64", 
"product": { "name": "cluster-md-kmp-rt-5.3.18-150300.138.3.x86_64", "product_id": "cluster-md-kmp-rt-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "cluster-md-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "cluster-md-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "cluster-md-kmp-rt_debug-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "dlm-kmp-rt-5.3.18-150300.138.3.x86_64", "product": { "name": "dlm-kmp-rt-5.3.18-150300.138.3.x86_64", "product_id": "dlm-kmp-rt-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "dlm-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "dlm-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "dlm-kmp-rt_debug-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "gfs2-kmp-rt-5.3.18-150300.138.3.x86_64", "product": { "name": "gfs2-kmp-rt-5.3.18-150300.138.3.x86_64", "product_id": "gfs2-kmp-rt-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "gfs2-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "gfs2-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "gfs2-kmp-rt_debug-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt-devel-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt-devel-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt-devel-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt-extra-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt-extra-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt-extra-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt-livepatch-devel-5.3.18-150300.138.3.x86_64", "product": { "name": 
"kernel-rt-livepatch-devel-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt-livepatch-devel-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt-optional-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt-optional-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt-optional-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt_debug-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-devel-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt_debug-devel-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt_debug-devel-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-extra-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt_debug-extra-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt_debug-extra-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt_debug-livepatch-devel-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt_debug-livepatch-devel-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-rt_debug-optional-5.3.18-150300.138.3.x86_64", "product": { "name": "kernel-rt_debug-optional-5.3.18-150300.138.3.x86_64", "product_id": "kernel-rt_debug-optional-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "kernel-syms-rt-5.3.18-150300.138.1.x86_64", "product": { "name": "kernel-syms-rt-5.3.18-150300.138.1.x86_64", "product_id": "kernel-syms-rt-5.3.18-150300.138.1.x86_64" } }, { "category": "product_version", "name": "kselftests-kmp-rt-5.3.18-150300.138.3.x86_64", "product": { "name": "kselftests-kmp-rt-5.3.18-150300.138.3.x86_64", "product_id": "kselftests-kmp-rt-5.3.18-150300.138.3.x86_64" } }, { 
"category": "product_version", "name": "kselftests-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "kselftests-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "kselftests-kmp-rt_debug-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "ocfs2-kmp-rt-5.3.18-150300.138.3.x86_64", "product": { "name": "ocfs2-kmp-rt-5.3.18-150300.138.3.x86_64", "product_id": "ocfs2-kmp-rt-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "ocfs2-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "ocfs2-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "ocfs2-kmp-rt_debug-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "reiserfs-kmp-rt-5.3.18-150300.138.3.x86_64", "product": { "name": "reiserfs-kmp-rt-5.3.18-150300.138.3.x86_64", "product_id": "reiserfs-kmp-rt-5.3.18-150300.138.3.x86_64" } }, { "category": "product_version", "name": "reiserfs-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product": { "name": "reiserfs-kmp-rt_debug-5.3.18-150300.138.3.x86_64", "product_id": "reiserfs-kmp-rt_debug-5.3.18-150300.138.3.x86_64" } } ], "category": "architecture", "name": "x86_64" }, { "branches": [ { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.1", "product": { "name": "SUSE Linux Enterprise Micro 5.1", "product_id": "SUSE Linux Enterprise Micro 5.1", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.1" } } }, { "category": "product_name", "name": "SUSE Linux Enterprise Micro 5.2", "product": { "name": "SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2", "product_identification_helper": { "cpe": "cpe:/o:suse:suse-microos:5.2" } } } ], "category": "product_family", "name": "SUSE Linux Enterprise" } ], "category": "vendor", "name": "SUSE" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-5.3.18-150300.138.3.x86_64 as component of SUSE Linux Enterprise Micro 5.1", 
"product_id": "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64" }, "product_reference": "kernel-rt-5.3.18-150300.138.3.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.1" }, { "category": "default_component_of", "full_product_name": { "name": "kernel-rt-5.3.18-150300.138.3.x86_64 as component of SUSE Linux Enterprise Micro 5.2", "product_id": "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" }, "product_reference": "kernel-rt-5.3.18-150300.138.3.x86_64", "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.2" } ] }, "vulnerabilities": [ { "cve": "CVE-2022-40982", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2022-40982" } ], "notes": [ { "category": "general", "text": "Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2022-40982", "url": "https://www.suse.com/security/cve/CVE-2022-40982" }, { "category": "external", "summary": "SUSE Bug 1206418 for CVE-2022-40982", "url": "https://bugzilla.suse.com/1206418" }, { "category": "external", "summary": "SUSE Bug 1215674 for CVE-2022-40982", "url": "https://bugzilla.suse.com/1215674" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": 
[ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "moderate" } ], "title": "CVE-2022-40982" }, { "cve": "CVE-2023-0459", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-0459" } ], "notes": [ { "category": "general", "text": "Copy_from_user on 64-bit versions of the Linux kernel does not implement the __uaccess_begin_nospec allowing a user to bypass the \"access_ok\" check and pass a kernel pointer to copy_from_user(). This would allow an attacker to leak information. We recommend upgrading beyond commit 74e19ef0ff8061ef55957c3abd71614ef0f42f47", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-0459", "url": "https://www.suse.com/security/cve/CVE-2023-0459" }, { "category": "external", "summary": "SUSE Bug 1211738 for CVE-2023-0459", "url": "https://bugzilla.suse.com/1211738" }, { "category": "external", "summary": "SUSE Bug 1215674 for CVE-2023-0459", "url": "https://bugzilla.suse.com/1215674" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 4.7, "baseSeverity": "MEDIUM", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "moderate" } ], "title": "CVE-2023-0459" }, { "cve": "CVE-2023-20569", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-20569" } ], "notes": [ { "category": "general", "text": "\n\n\nA side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled\u202faddress, potentially leading to information disclosure.\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-20569", "url": "https://www.suse.com/security/cve/CVE-2023-20569" }, { "category": "external", "summary": "SUSE Bug 1213287 for CVE-2023-20569", "url": "https://bugzilla.suse.com/1213287" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 5.6, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { 
"category": "impact", "date": "2023-08-24T08:55:49Z", "details": "moderate" } ], "title": "CVE-2023-20569" }, { "cve": "CVE-2023-20593", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-20593" } ], "notes": [ { "category": "general", "text": "An issue in \"Zen 2\" CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-20593", "url": "https://www.suse.com/security/cve/CVE-2023-20593" }, { "category": "external", "summary": "SUSE Bug 1213286 for CVE-2023-20593", "url": "https://bugzilla.suse.com/1213286" }, { "category": "external", "summary": "SUSE Bug 1213616 for CVE-2023-20593", "url": "https://bugzilla.suse.com/1213616" }, { "category": "external", "summary": "SUSE Bug 1215674 for CVE-2023-20593", "url": "https://bugzilla.suse.com/1215674" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.2, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "moderate" } ], "title": "CVE-2023-20593" }, { "cve": "CVE-2023-2156", "ids": [ { 
"system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-2156" } ], "notes": [ { "category": "general", "text": "A flaw was found in the networking subsystem of the Linux kernel within the handling of the RPL protocol. This issue results from the lack of proper handling of user-supplied data, which can lead to an assertion failure. This may allow an unauthenticated remote attacker to create a denial of service condition on the system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-2156", "url": "https://www.suse.com/security/cve/CVE-2023-2156" }, { "category": "external", "summary": "SUSE Bug 1211131 for CVE-2023-2156", "url": "https://bugzilla.suse.com/1211131" }, { "category": "external", "summary": "SUSE Bug 1211395 for CVE-2023-2156", "url": "https://bugzilla.suse.com/1211395" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-2156" }, { "cve": "CVE-2023-2985", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-2985" } ], "notes": 
[ { "category": "general", "text": "A use after free flaw was found in hfsplus_put_super in fs/hfsplus/super.c in the Linux Kernel. This flaw could allow a local user to cause a denial of service problem.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-2985", "url": "https://www.suse.com/security/cve/CVE-2023-2985" }, { "category": "external", "summary": "SUSE Bug 1211867 for CVE-2023-2985", "url": "https://bugzilla.suse.com/1211867" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 6.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "moderate" } ], "title": "CVE-2023-2985" }, { "cve": "CVE-2023-3117", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3117" } ], "notes": [ { "category": "general", "text": "Duplicate of CVE-2023-3390.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3117", "url": 
"https://www.suse.com/security/cve/CVE-2023-3117" }, { "category": "external", "summary": "SUSE Bug 1212934 for CVE-2023-3117", "url": "https://bugzilla.suse.com/1212934" }, { "category": "external", "summary": "SUSE Bug 1213245 for CVE-2023-3117", "url": "https://bugzilla.suse.com/1213245" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-3117" }, { "cve": "CVE-2023-31248", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-31248" } ], "notes": [ { "category": "general", "text": "Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-31248", "url": "https://www.suse.com/security/cve/CVE-2023-31248" }, { "category": "external", "summary": "SUSE Bug 1213061 for CVE-2023-31248", "url": "https://bugzilla.suse.com/1213061" }, { "category": "external", "summary": "SUSE Bug 
1213064 for CVE-2023-31248", "url": "https://bugzilla.suse.com/1213064" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-31248" }, { "cve": "CVE-2023-3390", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3390" } ], "notes": [ { "category": "general", "text": "A use-after-free vulnerability was found in the Linux kernel\u0027s netfilter subsystem in net/netfilter/nf_tables_api.c.\n\nMishandled error handling with NFT_MSG_NEWRULE makes it possible to use a dangling pointer in the same transaction causing a use-after-free vulnerability. 
This flaw allows a local attacker with user access to cause a privilege escalation issue.\n\nWe recommend upgrading past commit 1240eb93f0616b21c675416516ff3d74798fdc97.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3390", "url": "https://www.suse.com/security/cve/CVE-2023-3390" }, { "category": "external", "summary": "SUSE Bug 1212846 for CVE-2023-3390", "url": "https://bugzilla.suse.com/1212846" }, { "category": "external", "summary": "SUSE Bug 1212934 for CVE-2023-3390", "url": "https://bugzilla.suse.com/1212934" }, { "category": "external", "summary": "SUSE Bug 1213245 for CVE-2023-3390", "url": "https://bugzilla.suse.com/1213245" }, { "category": "external", "summary": "SUSE Bug 1216225 for CVE-2023-3390", "url": "https://bugzilla.suse.com/1216225" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-3390" }, { "cve": "CVE-2023-35001", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-35001" } ], "notes": [ { "category": "general", "text": "Linux Kernel 
nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-35001", "url": "https://www.suse.com/security/cve/CVE-2023-35001" }, { "category": "external", "summary": "SUSE Bug 1213059 for CVE-2023-35001", "url": "https://bugzilla.suse.com/1213059" }, { "category": "external", "summary": "SUSE Bug 1213063 for CVE-2023-35001", "url": "https://bugzilla.suse.com/1213063" }, { "category": "external", "summary": "SUSE Bug 1217531 for CVE-2023-35001", "url": "https://bugzilla.suse.com/1217531" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-35001" }, { "cve": "CVE-2023-3567", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3567" } ], "notes": [ { "category": "general", "text": "A use-after-free flaw was found in vcs_read in drivers/tty/vt/vc_screen.c in vc_screen in the Linux Kernel. 
This issue may allow an attacker with local user access to cause a system crash or leak internal kernel information.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3567", "url": "https://www.suse.com/security/cve/CVE-2023-3567" }, { "category": "external", "summary": "SUSE Bug 1213167 for CVE-2023-3567", "url": "https://bugzilla.suse.com/1213167" }, { "category": "external", "summary": "SUSE Bug 1213244 for CVE-2023-3567", "url": "https://bugzilla.suse.com/1213244" }, { "category": "external", "summary": "SUSE Bug 1213842 for CVE-2023-3567", "url": "https://bugzilla.suse.com/1213842" }, { "category": "external", "summary": "SUSE Bug 1215674 for CVE-2023-3567", "url": "https://bugzilla.suse.com/1215674" }, { "category": "external", "summary": "SUSE Bug 1217444 for CVE-2023-3567", "url": "https://bugzilla.suse.com/1217444" }, { "category": "external", "summary": "SUSE Bug 1217531 for CVE-2023-3567", "url": "https://bugzilla.suse.com/1217531" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-3567" }, { 
"cve": "CVE-2023-3609", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3609" } ], "notes": [ { "category": "general", "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_u32 component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 04c55383fa5689357bcdd2c8036725a55ed632bc.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3609", "url": "https://www.suse.com/security/cve/CVE-2023-3609" }, { "category": "external", "summary": "SUSE Bug 1213586 for CVE-2023-3609", "url": "https://bugzilla.suse.com/1213586" }, { "category": "external", "summary": "SUSE Bug 1213587 for CVE-2023-3609", "url": "https://bugzilla.suse.com/1213587" }, { "category": "external", "summary": "SUSE Bug 1217444 for CVE-2023-3609", "url": "https://bugzilla.suse.com/1217444" }, { "category": "external", "summary": "SUSE Bug 1217531 for CVE-2023-3609", "url": "https://bugzilla.suse.com/1217531" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": 
"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-3609" }, { "cve": "CVE-2023-3611", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3611" } ], "notes": [ { "category": "general", "text": "An out-of-bounds write vulnerability in the Linux kernel\u0027s net/sched: sch_qfq component can be exploited to achieve local privilege escalation.\n\nThe qfq_change_agg() function in net/sched/sch_qfq.c allows an out-of-bounds write because lmax is updated according to packet sizes without bounds checks.\n\nWe recommend upgrading past commit 3e337087c3b5805fe0b8a46ba622a962880b5d64.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3611", "url": "https://www.suse.com/security/cve/CVE-2023-3611" }, { "category": "external", "summary": "SUSE Bug 1213585 for CVE-2023-3611", "url": "https://bugzilla.suse.com/1213585" }, { "category": "external", "summary": "SUSE Bug 1223091 for CVE-2023-3611", "url": "https://bugzilla.suse.com/1223091" }, { "category": "external", "summary": "SUSE Bug 1223973 for CVE-2023-3611", "url": "https://bugzilla.suse.com/1223973" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], 
"scores": [ { "cvss_v3": { "baseScore": 6.7, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "moderate" } ], "title": "CVE-2023-3611" }, { "cve": "CVE-2023-3776", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3776" } ], "notes": [ { "category": "general", "text": "A use-after-free vulnerability in the Linux kernel\u0027s net/sched: cls_fw component can be exploited to achieve local privilege escalation.\n\nIf tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_bind_filter(). If an attacker can control the reference counter and set it to zero, they can cause the reference to be freed, leading to a use-after-free vulnerability.\n\nWe recommend upgrading past commit 0323bce598eea038714f941ce2b22541c46d488f.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3776", "url": "https://www.suse.com/security/cve/CVE-2023-3776" }, { "category": "external", "summary": "SUSE Bug 1213588 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1213588" }, { "category": "external", "summary": "SUSE Bug 1215119 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1215119" }, { "category": "external", "summary": "SUSE Bug 1215674 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1215674" }, { "category": "external", "summary": "SUSE Bug 1217444 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1217444" }, { 
"category": "external", "summary": "SUSE Bug 1217531 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1217531" }, { "category": "external", "summary": "SUSE Bug 1221578 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1221578" }, { "category": "external", "summary": "SUSE Bug 1221598 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1221598" }, { "category": "external", "summary": "SUSE Bug 1223091 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1223091" }, { "category": "external", "summary": "SUSE Bug 1223973 for CVE-2023-3776", "url": "https://bugzilla.suse.com/1223973" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-3776" }, { "cve": "CVE-2023-3812", "ids": [ { "system_name": "SUSE CVE Page", "text": "https://www.suse.com/security/cve/CVE-2023-3812" } ], "notes": [ { "category": "general", "text": "An out-of-bounds memory access flaw was found in the Linux kernel\u0027s TUN/TAP device driver functionality in how a user generates a malicious (too big) networking packet when napi frags is enabled. 
This flaw allows a local user to crash or potentially escalate their privileges on the system.", "title": "CVE description" } ], "product_status": { "recommended": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] }, "references": [ { "category": "external", "summary": "CVE-2023-3812", "url": "https://www.suse.com/security/cve/CVE-2023-3812" }, { "category": "external", "summary": "SUSE Bug 1213543 for CVE-2023-3812", "url": "https://bugzilla.suse.com/1213543" }, { "category": "external", "summary": "SUSE Bug 1213706 for CVE-2023-3812", "url": "https://bugzilla.suse.com/1213706" }, { "category": "external", "summary": "SUSE Bug 1217444 for CVE-2023-3812", "url": "https://bugzilla.suse.com/1217444" }, { "category": "external", "summary": "SUSE Bug 1217531 for CVE-2023-3812", "url": "https://bugzilla.suse.com/1217531" } ], "remediations": [ { "category": "vendor_fix", "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n", "product_ids": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "scores": [ { "cvss_v3": { "baseScore": 7.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "SUSE Linux Enterprise Micro 5.1:kernel-rt-5.3.18-150300.138.3.x86_64", "SUSE Linux Enterprise Micro 5.2:kernel-rt-5.3.18-150300.138.3.x86_64" ] } ], "threats": [ { "category": "impact", "date": "2023-08-24T08:55:49Z", "details": "important" } ], "title": "CVE-2023-3812" } ] }
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.