Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 573
Alerts This Week
Warning Icon 1 573

SUSE: 2023:4033-1 Important: Denial Of Service Risk In Linux Kernel

suse
Calendar Grey October 10, 2023
Dist Suse Esm H88
The newest Linux Kernel release addresses 15 major vulnerabilities and introduces vital protective measures for enhanced system security.
* #1065729 * #1109837 * #1152446 * #1154048 * #1208995

Summary

## The SUSE Linux Enterprise 12 SP5 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2023-39194: Fixed an out of bounds read in the XFRM subsystem (bsc#1215861). * CVE-2023-39193: Fixed an out of bounds read in the xtables subsystem (bsc#1215860). * CVE-2023-39192: Fixed an out of bounds read in the netfilter subsystem (bsc#1215858). * CVE-2023-42754: Fixed a NULL pointer dereference in the IPv4 stack that could lead to denial of service (bsc#1215467). * CVE-2023-1206: Fixed a hash collision flaw in the IPv6 connection lookup table which could be exploited by network adjacent attackers, increasing CPU usage by 95% (bsc#1212703). * CVE-2023-4921: Fixed a use-after-free vulnerability in the QFQ network

References

* #1065729

* #1109837

* #1152446

* #1154048

* #1208995

* #1210169

* #1212703

* #1213016

* #1214157

* #1214380

* #1214386

* #1214586

* #1214940

* #1214943

* #1214945

* #1214946

* #1214948

* #1214949

* #1214950

* #1214952

* #1214953

* #1214961

* #1214962

* #1214964

* #1214965

* #1214966

* #1214967

* #1215115

* #1215117

* #1215121

* #1215122

* #1215136

* #1215149

* #1215152

* #1215162

* #1215164

* #1215165

* #1215207

* #1215221

* #1215275

* #1215299

* #1215467

* #1215607

* #1215634

* #1215858

* #1215860

* #1215861

* #1215877

* #1215897

* #1215898

* #1215954

Cross-

* CVE-2020-36766

* CVE-2023-1192

* CVE-2023-1206

* CVE-2023-1859

* CVE-2023-39192

* CVE-2023-39193

* CVE-2023-39194

* CVE-2023-42754

* CVE-2023-4622

* CVE-2023-4623

* CVE-2023-4881

* CVE-2023-4921

CVSS scores:

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4033-1
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.