Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP3:Update
patchinfo.28854
_patchinfo
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _patchinfo of Package patchinfo.28854
<patchinfo incident="28854"> <issue id="1202353" tracker="bnc">kernel: replace mkinitrd wrapper with native dracut</issue> <issue id="1205128" tracker="bnc">VUL-0: CVE-2022-43945: kernel-source-azure,kernel-source,kernel-source-rt: nfsd: buffer overflow due to incorrect calculation of send buffer size</issue> <issue id="1206992" tracker="bnc">VUL-0: CVE-2022-2196: kernel-source,kernel-source-rt,kernel-source-azure: kvm: L2 can carry out Spectre v2 attacks on L1</issue> <issue id="1209613" tracker="bnc">VUL-0: CVE-2020-36691: kernel-source,kernel-source-azure,kernel-source-rt: Using netlink to force a CPU into an eternal loop</issue> <issue id="1209687" tracker="bnc">VUL-0: CVE-2023-1611: kernel: race between quota disable and quota assign ioctls in fs/btrfs/ioctl.c</issue> <issue id="1209777" tracker="bnc">VUL-0: CVE-2020-36691: kernel: lib/nlattr.c allows attackers to cause a denial of service</issue> <issue id="1209871" tracker="bnc">VUL-0: CVE-2023-1670: kernel-source-rt,kernel-source-azure,kernel-source: Use after free bug in xirc2ps_detach</issue> <issue id="1210202" tracker="bnc">VUL-0: CVE-2023-1855: kernel: use-after-free bug in remove function xgene_hwmon_remove</issue> <issue id="1210203" tracker="bnc">VUL-0: CVE-2023-1838: kernel: Possible use-after-free since the two fdget() during vhost_net_set_backend()</issue> <issue id="1210301" tracker="bnc">VUL-0: kernel: cifs.ko out of bounds memory access in smb311_decode_neg_context()</issue> <issue id="1210329" tracker="bnc">VUL-0: CVE-2023-30772: kernel: use after free bug in da9150_charger_remove due to race condition</issue> <issue id="1210336" tracker="bnc">VUL-0: CVE-2023-1989: kernel: Use after free bug in btsdio_remove due to race condition</issue> <issue id="1210337" tracker="bnc">VUL-0: CVE-2023-1990: kernel: Use after free bug in ndlc_remove due to race condition</issue> <issue id="1210414" tracker="bnc">VUL-0: CVE-2023-1872: kernel-source-azure,kernel-source,kernel-source-rt: race condition in io_uring when unregistering fixed files</issue> <issue id="1210417" tracker="bnc">VUL-0: CVE-2023-1872: kernel live patch: race condition in io_uring when unregistering fixed files</issue> <issue id="1210453" tracker="bnc">VUL-0: CVE-2023-2008: kernel: udmabuf Improper Validation of Array Index Local Privilege Escalation Vulnerability</issue> <issue id="1210469" tracker="bnc">Obsolete KMP obsoletes</issue> <issue id="1210506" tracker="bnc">VUL-0: CVE-2023-1998: kernel: x86/speculation: Allow enabling STIBP with legacy IBRS</issue> <issue id="1210629" tracker="bnc">VUL-0: CVE-2023-2176: kernel: Slab-out-of-bound read in compare_netdev_and_ip</issue> <issue id="1210647" tracker="bnc">VUL-0: CVE-2023-2162: kernel-source-rt,kernel-source,kernel-source-azure: UAF during login when accessing the shost ipaddress</issue> <issue id="2023-1872" tracker="cve" /> <issue id="2022-2196" tracker="cve" /> <issue id="2023-1670" tracker="cve" /> <issue id="2023-2162" tracker="cve" /> <issue id="2023-2176" tracker="cve" /> <issue id="2023-1998" tracker="cve" /> <issue id="2023-30772" tracker="cve" /> <issue id="2023-2008" tracker="cve" /> <issue id="2023-1855" tracker="cve" /> <issue id="2020-36691" tracker="cve" /> <issue id="2023-1990" tracker="cve" /> <issue id="2023-1989" tracker="cve" /> <issue id="2022-43945" tracker="cve" /> <issue id="2023-1611" tracker="cve" /> <issue id="2023-1838" tracker="cve" /> <category>security</category> <rating>important</rating> <packager>jdelvare</packager> <reboot_needed/> <description>The SUSE Linux Enterprise 15 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2023-1872:Fixed a use after free vulnerability in the io_uring subsystem, which could lead to local privilege escalation (bsc#1210414). - CVE-2022-2196: Fixed a regression related to KVM that allowed for speculative execution attacks (bsc#1206992). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2176: A vulnerability was found in compare_netdev_and_ip in drivers/infiniband/core/cma.c in RDMA. The improper cleanup results in out-of-boundary read, where a local user can utilize this problem to crash the system or escalation of privilege (bsc#1210629). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-30772: Fixed a race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-2008: A flaw was found in the fault handler of the udmabuf device driver. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code (bsc#1210453). - CVE-2023-1855: Fixed a use after free in xgene_hwmon_remove (bsc#1210202). - CVE-2020-36691: Fixed a denial of service (unbounded recursion) vulnerability via a nested Netlink policy with a back reference (bsc#1209613 bsc#1209777). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2022-43945: Fixed a buffer overflow in the NFSD implementation (bsc#1205128). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1838: Fixed an use-after-free flaw in virtio network subcomponent. This flaw could allow a local attacker to crash the system and lead to a kernel information leak problem. (bsc#1210203). The following non-security bugs were fixed: - Drivers: vmbus: Check for channel allocation before looking up relids (git-fixes). - Replace mkinitrd dependency with dracut (bsc#1202353). - cifs: fix negotiate context parsing (bsc#1210301). </description> <summary>Security update for the Linux Kernel</summary> </patchinfo>
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor