openSUSE Leap 15.5: 2023:4414-1 Important Local Privilege Escalation Issues
opensuse
November 10, 2023
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various security and bugfixes
Description
The SUSE Linux Enterprise 15 SP5 Azure kernel was updated to receive various
security and bugfixes.
The following security bugs were fixed:
* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables
component can be exploited to achieve local privilege escalation.
(bsc#1215095)
* CVE-2023-46813: Fixed a local privilege escalation with user-space programs
that have access to MMIO regions (bsc#1212649).
* CVE-2023-31085: Fixed a divide-by-zero error in do_div(sz,mtd->erasesize)
that could cause a local DoS. (bsc#1210778)
* CVE-2023-45862: Fixed an issue in the ENE UB6250 reader driver whwere an
object could potentially extend beyond the end of an allocation causing.
(bsc#1216051)
* CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem
(bsc#1215860).
* CVE-2023-5178: Fixed an UAF in queue intialization setup. (bsc#1215768)
* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to
...
Read the Full Advisory
Topics Covered
Patch
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* openSUSE Leap 15.5
zypper in -t patch SUSE-2023-4414=1 openSUSE-SLE-15.5-2023-4414=1
* Public Cloud Module 15-SP5
zypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP5-2023-4414=1
Package List
* openSUSE Leap 15.5 (aarch64 x86_64)
* dlm-kmp-azure-5.14.21-150500.33.23.1
* kernel-azure-debugsource-5.14.21-150500.33.23.1
* reiserfs-kmp-azure-5.14.21-150500.33.23.1
* kselftests-kmp-azure-debuginfo-5.14.21-150500.33.23.1
* gfs2-kmp-azure-5.14.21-150500.33.23.1
* kernel-azure-debuginfo-5.14.21-150500.33.23.1
* cluster-md-kmp-azure-5.14.21-150500.33.23.1
* kernel-azure-optional-debuginfo-5.14.21-150500.33.23.1
* kernel-syms-azure-5.14.21-150500.33.23.1
* cluster-md-kmp-azure-debuginfo-5.14.21-150500.33.23.1
* ocfs2-kmp-azure-5.14.21-150500.33.23.1
* kernel-azure-livepatch-devel-5.14.21-150500.33.23.1
* kernel-azure-devel-5.14.21-150500.33.23.1
* reiserfs-kmp-azure-debuginfo-5.14.21-150500.33.23.1
* kernel-azure-extra-debuginfo-5.14.21-150500.33.23.1
* gfs2-kmp-azure-debuginfo-5.14.21-150500.33.23.1
* kernel-azure-optional-5.14.21-150500.33.23.1
* ocfs2-kmp-azure-debuginfo-5.14.21-150500.33.23.1
* dlm-kmp-azure-debuginfo-5.14.21-150500.33.23.1
* kernel-azure-extra-5.14.21-150500.33.23.1
*...
Read the Full AdvisoryReferences
* bsc#1208788
* bsc#1211162
* bsc#1211307
* bsc#1212423
* bsc#1213705
* bsc#1213772
* bsc#1214754
* bsc#1214874
* bsc#1215104
* bsc#1215523
* bsc#1215545
* bsc#1215921
* bsc#1215955
* bsc#1215986
* bsc#1216062
* bsc#1216202
* bsc#1216322
* bsc#1216323
* bsc#1216324
* bsc#1216333
* bsc#1216345
* bsc#1216512
## References:
* https://www.suse.com/security/cve/CVE-2023-2163.html
* https://www.suse.com/security/cve/CVE-2023-2860.html
* https://www.suse.com/security/cve/CVE-2023-31085.html
* https://www.suse.com/security/cve/CVE-2023-34324.html
* https://www.suse.com/security/cve/CVE-2023-3777.html
* https://www.suse.com/security/cve/CVE-2023-39189.html
* https://www.suse.com/security/cve/CVE-2023-39191.html
* https://www.suse.com/security/cve/CVE-2023-39193.html
* https://www.suse.com/security/cve/CVE-2023-45862.html
* https://www.suse.com/security/cve/CVE-2023-46813.html
* https://www.suse.com/security/cve/CVE-2023-5178.html
* https://bugzilla.suse.com/show_bug.cgi?id=1208788
*...
Read the Full Advisory
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Announcement ID: SUSE-SU-2023:4414-1
Rating: important
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!