Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 568
Alerts This Week
Warning Icon 1 568

SUSE Linux Enterprise 11 SP4: Update 2023:4028-1 Critical Kernel Issues

suse
Calendar Grey October 10, 2023
Dist Suse Esm H88
The Fedora OS kernel security patch addresses multiple vulnerabilities, including buffer overflow and remote code execution risks.
* #1208600 * #1208995 * #1210448 * #1213666 * #1213927

Summary

## The SUSE Linux Enterprise 11 SP4 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity() that could cause memory corruption (bsc#1208600). * CVE-2023-4623: Fixed a use-after-free issue in the HFSC network scheduler which could be exploited to achieve local privilege escalation (bsc#1215115). * CVE-2023-1192: Fixed use-after-free in cifs_demultiplex_thread() (bsc#1208995). * CVE-2023-20588: Fixed a potential data leak that could be triggered through a side channel when division by zero occurred on some AMD processors (bsc#1213927). * CVE-2023-4459: Fixed a NULL pointer dereference flaw in the vmxnet3 driver that may have allowed a local attacker with user privileges to cause a

References

* #1208600

* #1208995

* #1210448

* #1213666

* #1213927

* #1214348

* #1214451

* #1215115

* PED-4579

Cross-

* CVE-2023-1077

* CVE-2023-1192

* CVE-2023-2007

* CVE-2023-20588

* CVE-2023-3772

* CVE-2023-4385

* CVE-2023-4459

* CVE-2023-4623

CVSS scores:

* CVE-2023-1077 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-1077 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-1192 ( SUSE ): 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-2007 ( SUSE ): 4.4 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

* CVE-2023-2007 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-20588 ( SUSE ): 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

* CVE-2023-20588 ( NVD ): 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4028-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.