
SUSE 15 SP2: 2024:1719-1 Important Use-After-Free Fixes

May 21, 2024
Important security enhancements for Linux Kernel Live Patch 46 in SLE 15 SP2 tackle various vulnerabilities; installation instructions included.

Summary

This update for the Linux Kernel 5.3.18-150200_24_183 fixes several issues.

The following security issues were fixed:

* CVE-2022-48651: Fixed an out-of-bounds bug in ipvlan caused by unset skb->mac_header (bsc#1223514).

* CVE-2023-6546: Fixed a race condition that could lead to a use-after-free in the GSM 0710 tty multiplexor (bsc#1222685).

* CVE-2023-6531: Fixed a use-after-free due to a race with the deletion of a SKB in unix_stream_read_generic() (bsc#1218487).

* CVE-2023-1829: Fixed a use-after-free in tcindex that can lead to local privilege escalation (bsc#1210619).

## Patch Instructions:

To install this SUSE update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product:

References

* bsc#1210619

* bsc#1218487

* bsc#1222685

* bsc#1223514

Cross-References:

* CVE-2022-48651

* CVE-2023-1829

* CVE-2023-6531

* CVE-2023-6546

CVSS scores:

* CVE-2022-48651 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-1829 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-1829 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6531 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6531 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6546 ( SUSE ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

* CVE-2023-6546 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products:

* SUSE Linux Enterprise High Performance Computing 15 SP2

* SUSE Linux Enterprise Live Patching 15-SP2

Severity: important

Announcement ID: SUSE-SU-2024:1719-1
Rating: important
