SUSE Linux 12 SP5 Security Update: Kernel Fix SUSE-SU-2024:0117-1 Important
suse
January 16, 2024
* bsc#1109837 * bsc#1179610 * bsc#1202095 * bsc#1211226 * bsc#1211439
Summary
## The SUSE Linux Enterprise 12 SP5 kernel was updated to receive various security bugfixes. The following security bugs were fixed: * CVE-2022-2586: Fixed a use-after-free which can be triggered when a nft table is deleted (bsc#1202095). * CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted packet in the NVMe-oF/TCP subsystem (bsc#1217250). * CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving a malformed length from a server (bsc#1217947). * CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing debug information (bsc#1217946). * CVE-2023-6931: Fixed an out of bounds write in the Performance Events subsystem when adding a new event (bsc#1214158 bsc#1218258). * CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query
References
* bsc#1109837
* bsc#1179610
* bsc#1202095
* bsc#1211226
* bsc#1211439
* bsc#1214158
* bsc#1214479
* bsc#1215237
* bsc#1217036
* bsc#1217250
* bsc#1217801
* bsc#1217936
* bsc#1217946
* bsc#1217947
* bsc#1218057
* bsc#1218184
* bsc#1218253
* bsc#1218258
* bsc#1218362
* bsc#1218559
* bsc#1218622
* jsc#PED-5021
* jsc#PED-5023
Cross-
* CVE-2020-26555
* CVE-2022-2586
* CVE-2023-51779
* CVE-2023-6121
* CVE-2023-6606
* CVE-2023-6610
* CVE-2023-6931
* CVE-2023-6932
CVSS scores:
* CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2022-2586 ( SUSE ): 6.7 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
* CVE-2022-2586 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
PREVIOUS
NEXT
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!