Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 569
Alerts This Week
Warning Icon 1 569

openSUSE 15 SP3: 2023:4836-1 Important Local Escalation Fix

opensuse
Calendar Grey December 14, 2023
Scroller Opensuse
Critical announcement regarding Linux Kernel patches addressing vulnerabilities that enable local privilege escalation; prompt action is required.
This update for the Linux Kernel 5.3.18-150300_59_133 fixes several issues

Description

This update for the Linux Kernel 5.3.18-150300_59_133 fixes several issues.

The following security issues were fixed:

* CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables

component can be exploited to achieve local privilege escalation.

(bsc#1215097)

* CVE-2023-4622: Fixed a use-after-free vulnerability in the Unix domain

sockets component which could be exploited to achieve local privilege

escalation (bsc#1215442).

* CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to

unsafe code paths being incorrectly marked as safe, resulting in arbitrary

read/write in kernel memory, lateral privilege escalation, and container

escape. (bsc#1215519)

Patch

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like

YaST online_update or "zypper patch".

Alternatively you can run the command listed for your product:

* openSUSE Leap 15.3

zypper in -t patch SUSE-2023-4837=1 SUSE-2023-4838=1 SUSE-2023-4846=1

SUSE-2023-4836=1

* SUSE Linux Enterprise Live Patching 15-SP3

zypper in -t patch SUSE-SLE-Module-Live-Patching-15-SP3-2023-4837=1 SUSE-SLE-

Module-Live-Patching-15-SP3-2023-4838=1 SUSE-SLE-Module-Live-

Patching-15-SP3-2023-4846=1 SUSE-SLE-Module-Live-Patching-15-SP3-2023-4836=1

Package List

* openSUSE Leap 15.3 (ppc64le s390x x86_64)

* kernel-livepatch-SLE15-SP3_Update_36-debugsource-3-150300.2.1

* kernel-livepatch-SLE15-SP3_Update_26-debugsource-13-150300.2.2

* kernel-livepatch-5_3_18-150300_59_101-default-13-150300.2.2

* kernel-livepatch-SLE15-SP3_Update_29-debugsource-10-150300.2.2

* kernel-livepatch-SLE15-SP3_Update_30-debugsource-9-150300.2.1

* kernel-livepatch-5_3_18-150300_59_101-default-debuginfo-13-150300.2.2

* kernel-livepatch-5_3_18-150300_59_115-default-debuginfo-9-150300.2.1

* kernel-livepatch-5_3_18-150300_59_133-default-debuginfo-3-150300.2.1

* kernel-livepatch-5_3_18-150300_59_112-default-debuginfo-10-150300.2.2

* kernel-livepatch-5_3_18-150300_59_115-default-9-150300.2.1

* kernel-livepatch-5_3_18-150300_59_112-default-10-150300.2.2

* kernel-livepatch-5_3_18-150300_59_133-default-3-150300.2.1

* openSUSE Leap 15.3 (x86_64)

* kernel-livepatch-5_3_18-150300_59_115-preempt-debuginfo-9-150300.2.1

* kernel-livepatch-5_3_18-150300_59_115-preempt-9-150300.2.1

*...

Read the Full Advisory

References

* bsc#1215097

* bsc#1215442

* bsc#1215519

## References:

* https://www.suse.com/security/cve/CVE-2023-2163.html

* https://www.suse.com/security/cve/CVE-2023-3777.html

* https://www.suse.com/security/cve/CVE-2023-4622.html

* https://bugzilla.suse.com/show_bug.cgi?id=1215097

* https://bugzilla.suse.com/show_bug.cgi?id=1215442

* https://bugzilla.suse.com/show_bug.cgi?id=1215519

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4836-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.