Alerts This Week
Warning Icon 1 714
Alerts This Week
Warning Icon 1 714

SUSE: 2023:4358-1 Important: Linux Kernel Denial of Service Patch

suse
Calendar Grey November 3, 2023
Dist Suse Esm H88
This crucial update addresses multiple concerns in the Linux Kernel for SUSE, including security flaws and Denial of Service.
* bsc#1212051 * bsc#1214842 * bsc#1215095 * bsc#1215467 * bsc#1215518

Summary

## The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security and bugfixes. The following security bugs were fixed: * CVE-2023-2163: Fixed an incorrect verifier pruning in BPF that could lead to unsafe code paths being incorrectly marked as safe, resulting in arbitrary read/write in kernel memory, lateral privilege escalation, and container escape. (bsc#1215518) * CVE-2023-3777: Fixed a use-after-free vulnerability in netfilter: nf_tables component can be exploited to achieve local privilege escalation. (bsc#1215095) * CVE-2023-34324: Fixed a possible deadlock in Linux kernel event handling. (bsc#1215745). * CVE-2023-39189: Fixed a flaw in the Netfilter subsystem that could allow a local privileged (CAP_NET_ADMIN) attacker to trigger an out-of-bounds read,

Topics%20covered

Topics Covered

security advisory denial of service kernel patch important update SUSE Linux Micro Linux kernel fix

References

* bsc#1212051

* bsc#1214842

* bsc#1215095

* bsc#1215467

* bsc#1215518

* bsc#1215745

* bsc#1215858

* bsc#1215860

* bsc#1215861

* bsc#1216046

Cross-

* CVE-2023-2163

* CVE-2023-3111

* CVE-2023-34324

* CVE-2023-3777

* CVE-2023-39189

* CVE-2023-39192

* CVE-2023-39193

* CVE-2023-39194

* CVE-2023-42754

CVSS scores:

* CVE-2023-2163 ( SUSE ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

* CVE-2023-2163 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N

* CVE-2023-3111 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-3111 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-34324 ( SUSE ): 5.7 CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

* CVE-2023-3777 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2023:4358-1
Rating: important

Topics%20covered

Topics Covered

security advisory denial of service kernel patch important update SUSE Linux Micro Linux kernel fix

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here