Security update for the Linux Kernel SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2805-1 Final 1 1 2023-07-11T04:31:55Z current 2023-07-11T04:31:55Z 2023-07-11T04:31:55Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel The SUSE Linux Enterprise 12 SP2 kernel was updated to receive various security and bugfixes. The following security bugs were fixed: - CVE-2017-5753: Fixed spectre vulnerability in prlimit (bsc#1209256). - CVE-2022-3566: Fixed race condition in the TCP Handler (bsc#1204405). - CVE-2022-45884: Fixed a use-after-free in dvbdev.c, related to dvb_register_device dynamically allocating fops (bsc#1205756). - CVE-2022-45885: Fixed a race condition in dvb_frontend.c that could cause a use-after-free when a device is disconnected (bsc#1205758). - CVE-2022-45886: Fixed a .disconnect versus dvb_device_open race condition in dvb_net.c that lead to a use-after-free (bsc#1205760). - CVE-2022-45887: Fixed a memory leak in ttusb_dec.c caused by the lack of a dvb_frontend_detach call (bsc#1205762). - CVE-2022-45919: Fixed a use-after-free in dvb_ca_en50221.c that could occur if there is a disconnect after an open, because of the lack of a wait_event (bsc#1205803). - CVE-2023-0590: Fixed race condition in qdisc_graft() (bsc#1207795). - CVE-2023-1077: Fixed a type confusion in pick_next_rt_entity(), that could cause memory corruption (bsc#1208600). - CVE-2023-1095: Fixed a NULL pointer dereference in nf_tables due to zeroed list head (bsc#1208777). - CVE-2023-1118: Fixed a use-after-free bugs caused by ene_tx_irqsim() in media/rc (bsc#1208837). - CVE-2023-1249: Fixed a use-after-free flaw in the core dump subsystem that allowed a local user to crash the system (bsc#1209039). - CVE-2023-1380: Fixed a slab-out-of-bound read problem in brcmf_get_assoc_ies() (bsc#1209287). - CVE-2023-1390: Fixed remote DoS vulnerability in tipc_link_xmit() (bsc#1209289). - CVE-2023-1513: Fixed an uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak (bsc#1209532). - CVE-2023-1611: Fixed an use-after-free flaw in btrfs_search_slot (bsc#1209687). - CVE-2023-1670: Fixed a use after free in the Xircom 16-bit PCMCIA Ethernet driver. A local user could use this flaw to crash the system or potentially escalate their privileges on the system (bsc#1209871). - CVE-2023-1989: Fixed a use after free in btsdio_remove (bsc#1210336). - CVE-2023-1990: Fixed a use after free in ndlc_remove (bsc#1210337). - CVE-2023-1998: Fixed a use after free during login when accessing the shost ipaddress (bsc#1210506). - CVE-2023-2124: Fixed an out-of-bound access in the XFS subsystem that could have lead to denial-of-service or potentially privilege escalation (bsc#1210498). - CVE-2023-2162: Fixed an use-after-free flaw in iscsi_sw_tcp_session_create (bsc#1210647). - CVE-2023-2194: Fixed an out-of-bounds write vulnerability in the SLIMpro I2C device driver (bsc#1210715). - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207036). - CVE-2023-23455: Fixed a denial of service inside atm_tc_enqueue in net/sched/sch_atm.c because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results) (bsc#1207125). - CVE-2023-2513: Fixed a use-after-free vulnerability in the ext4 filesystem (bsc#1211105). - CVE-2023-28328: Fixed a denial of service issue in az6027 driver in drivers/media/usb/dev-usb/az6027.c (bsc#1209291). - CVE-2023-28464: Fixed user-after-free that could lead to privilege escalation in hci_conn_cleanup in net/uetooth/hci_conn.c (bsc#1209052). - CVE-2023-28772: Fixed buffer overflow in seq_buf_putmem_hex in lib/seq_buf.c (bsc#1209549). - CVE-2023-30772: Fixed race condition and resultant use-after-free in da9150_charger_remove (bsc#1210329). - CVE-2023-3090: Fixed a heap out-of-bounds write in the ipvlan network driver (bsc#1212842). - CVE-2023-3141: Fixed a use-after-free flaw in r592_remove in drivers/memstick/host/r592.c, that allowed local attackers to crash the system at device disconnect (bsc#1212129). - CVE-2023-31436: Fixed an out-of-bounds write in qfq_change_class() because lmax can exceed QFQ_MIN_LMAX (bsc#1210940). - CVE-2023-3159: Fixed use-after-free issue in driver/firewire in outbound_phy_packet_callback (bsc#1212128). - CVE-2023-3161: Fixed shift-out-of-bounds in fbcon_set_font() (bsc#1212154). - CVE-2023-32269: Fixed a use-after-free in af_netrom.c, related to the fact that accept() was also allowed for a successfully connected AF_NETROM socket (bsc#1211186). - CVE-2023-35824: Fixed a use-after-free in dm1105_remove in drivers/media/pci/dm1105/dm1105.c (bsc#1212501). The following non-security bugs were fixed: - Do not sign the vanilla kernel (bsc#1209008). - Drop dvb-core fix patch due to regression (bsc#1205758). - Revert CVE-2018-20784 due to regression (bsc#1126703). - binfmt_elf: Take the mmap lock when walking the VMA list (bsc#1209039 CVE-2023-1249). - bluetooth: Fix double free in hci_conn_cleanup (bsc#1209052 CVE-2023-28464). - bluetooth: btsdio: fix use after free bug in btsdio_remove due to unfinished work (CVE-2023-1989 bsc#1210336). - btrfs: fix race between quota disable and quota assign ioctls (CVE-2023-1611 bsc#1209687). - do not fallthrough in cbq_classify and stop on TC_ACT_SHOT (bsc#1207036 CVE-2023-23454 bsc#1207125 CVE-2023-23455). - ext4: add EXT4_INODE_HAS_XATTR_SPACE macro in xattr.h (bsc#1206878). - ext4: fix use-after-free in ext4_xattr_set_entry (bsc#1206878 bsc#1211105 CVE-2023-2513). - fbcon: Check font dimension limits (CVE-2023-3161 bsc#1212154). - firewire: fix potential uaf in outbound_phy_packet_callback() (CVE-2023-3159 bsc#1212128). - fix a mistake in the CVE-2023-0590 / bsc#1207795 backport - i2c: xgene-slimpro: Fix out-of-bounds bug in xgene_slimpro_i2c_xfer() (bsc#1210715 CVE-2023-2194). - ipv6: raw: Deduct extension header length in rawv6_push_pending_frames (bsc#1207168). - ipvlan:Fix out-of-bounds caused by unclear skb->cb (bsc#1212842 CVE-2023-3090). - kernel/sys.c: fix potential Spectre v1 issue (bsc#1209256 CVE-2017-5753). - kvm: initialize all of the kvm_debugregs structure before sending it to userspace (bsc#1209532 CVE-2023-1513). - media: dm1105: Fix use after free bug in dm1105_remove due to race condition (bsc#1212501 CVE-2023-35824). - media: dvb-core: Fix use-after-free due on race condition at dvb_net (CVE-2022-45886 bsc#1205760). - media: dvb-core: Fix use-after-free due to race at dvb_register_device() (CVE-2022-45884 bsc#1205756). - media: dvb-core: Fix use-after-free due to race condition at dvb_ca_en50221 (CVE-2022-45919 bsc#1205803). - media: dvb-core: Fix use-after-free on race condition at dvb_frontend (CVE-2022-45885 bsc#1205758). - media: dvb-usb: az6027: fix null-ptr-deref in az6027_i2c_xfer() (bsc#1209291 CVE-2023-28328). - media: dvb_frontend: kABI workaround (CVE-2022-45885 bsc#1205758). - media: dvb_net: kABI workaround (CVE-2022-45886 bsc#1205760). - media: dvbdev: fix error logic at dvb_register_device() (CVE-2022-45884 bsc#1205756). - media: rc: Fix use-after-free bugs caused by ene_tx_irqsim() (CVE-2023-1118 bsc#1208837). - media: ttusb-dec: fix memory leak in ttusb_dec_exit_dvb() (CVE-2022-45887 bsc#1205762). - memstick: r592: Fix UAF bug in r592_remove due to race condition (CVE-2023-3141 bsc#1212129 bsc#1211449). - net: sched: sch_qfq: prevent slab-out-of-bounds in qfq_activate_agg (bsc#1210940 CVE-2023-31436). - netfilter: nf_tables: fix null deref due to zeroed list head (CVE-2023-1095 bsc#1208777). - netrom: Fix use-after-free caused by accept on already connected socket (bsc#1211186 CVE-2023-32269). - nfc: st-nci: Fix use after free bug in ndlc_remove due to race condition (git-fixes bsc#1210337 CVE-2023-1990). - power: supply: da9150: Fix use after free bug in da9150_charger_remove due to race condition (CVE-2023-30772 bsc#1210329). - prlimit: do_prlimit needs to have a speculation check (bsc#1209256 CVE-2017-5753). - sched/rt: pick_next_rt_entity(): check list_entry (bsc#1208600 CVE-2023-1077). - scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress (bsc#1210647 CVE-2023-2162). - seq_buf: Fix overflow in seq_buf_putmem_hex() (bsc#1209549 CVE-2023-28772). - tcp: Fix data races around icsk->icsk_af_ops (bsc#1204405 CVE-2022-3566). - tipc: fix NULL deref in tipc_link_xmit() (bsc#1209289 CVE-2023-1390). - wifi: brcmfmac: slab-out-of-bounds read in brcmf_get_assoc_ies() (bsc#1209287 CVE-2023-1380). - x86/speculation: Allow enabling STIBP with legacy IBRS (bsc#1210506 CVE-2023-1998). - xfs: verify buffer contents when we skip log replay (bsc#1210498 CVE-2023-2124). - xirc2ps_cs: Fix use after free bug in xirc2ps_detach (bsc#1209871 CVE-2023-1670). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-2023-2805,SUSE-SLE-SERVER-12-SP2-BCL-2023-2805 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ Link for SUSE-SU-2023:2805-1 https://lists.suse.com/pipermail/sle-security-updates/2023-July/015468.html E-Mail link for SUSE-SU-2023:2805-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1126703 SUSE Bug 1126703 https://bugzilla.suse.com/1204405 SUSE Bug 1204405 https://bugzilla.suse.com/1205756 SUSE Bug 1205756 https://bugzilla.suse.com/1205758 SUSE Bug 1205758 https://bugzilla.suse.com/1205760 SUSE Bug 1205760 https://bugzilla.suse.com/1205762 SUSE Bug 1205762 https://bugzilla.suse.com/1205803 SUSE Bug 1205803 https://bugzilla.suse.com/1206878 SUSE Bug 1206878 https://bugzilla.suse.com/1207036 SUSE Bug 1207036 https://bugzilla.suse.com/1207125 SUSE Bug 1207125 https://bugzilla.suse.com/1207168 SUSE Bug 1207168 https://bugzilla.suse.com/1207795 SUSE Bug 1207795 https://bugzilla.suse.com/1208600 SUSE Bug 1208600 https://bugzilla.suse.com/1208777 SUSE Bug 1208777 https://bugzilla.suse.com/1208837 SUSE Bug 1208837 https://bugzilla.suse.com/1209008 SUSE Bug 1209008 https://bugzilla.suse.com/1209039 SUSE Bug 1209039 https://bugzilla.suse.com/1209052 SUSE Bug 1209052 https://bugzilla.suse.com/1209256 SUSE Bug 1209256 https://bugzilla.suse.com/1209287 SUSE Bug 1209287 https://bugzilla.suse.com/1209289 SUSE Bug 1209289 https://bugzilla.suse.com/1209291 SUSE Bug 1209291 https://bugzilla.suse.com/1209532 SUSE Bug 1209532 https://bugzilla.suse.com/1209549 SUSE Bug 1209549 https://bugzilla.suse.com/1209687 SUSE Bug 1209687 https://bugzilla.suse.com/1209871 SUSE Bug 1209871 https://bugzilla.suse.com/1210329 SUSE Bug 1210329 https://bugzilla.suse.com/1210336 SUSE Bug 1210336 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1210498 SUSE Bug 1210498 https://bugzilla.suse.com/1210506 SUSE Bug 1210506 https://bugzilla.suse.com/1210647 SUSE Bug 1210647 https://bugzilla.suse.com/1210715 SUSE Bug 1210715 https://bugzilla.suse.com/1210940 SUSE Bug 1210940 https://bugzilla.suse.com/1211105 SUSE Bug 1211105 https://bugzilla.suse.com/1211186 SUSE Bug 1211186 https://bugzilla.suse.com/1211449 SUSE Bug 1211449 https://bugzilla.suse.com/1212128 SUSE Bug 1212128 https://bugzilla.suse.com/1212129 SUSE Bug 1212129 https://bugzilla.suse.com/1212154 SUSE Bug 1212154 https://bugzilla.suse.com/1212501 SUSE Bug 1212501 https://bugzilla.suse.com/1212842 SUSE Bug 1212842 https://www.suse.com/security/cve/CVE-2017-5753/ SUSE CVE CVE-2017-5753 page https://www.suse.com/security/cve/CVE-2018-20784/ SUSE CVE CVE-2018-20784 page https://www.suse.com/security/cve/CVE-2022-3566/ SUSE CVE CVE-2022-3566 page https://www.suse.com/security/cve/CVE-2022-45884/ SUSE CVE CVE-2022-45884 page https://www.suse.com/security/cve/CVE-2022-45885/ SUSE CVE CVE-2022-45885 page https://www.suse.com/security/cve/CVE-2022-45886/ SUSE CVE CVE-2022-45886 page https://www.suse.com/security/cve/CVE-2022-45887/ SUSE CVE CVE-2022-45887 page https://www.suse.com/security/cve/CVE-2022-45919/ SUSE CVE CVE-2022-45919 page https://www.suse.com/security/cve/CVE-2023-0590/ SUSE CVE CVE-2023-0590 page https://www.suse.com/security/cve/CVE-2023-1077/ SUSE CVE CVE-2023-1077 page https://www.suse.com/security/cve/CVE-2023-1095/ SUSE CVE CVE-2023-1095 page https://www.suse.com/security/cve/CVE-2023-1118/ SUSE CVE CVE-2023-1118 page https://www.suse.com/security/cve/CVE-2023-1249/ SUSE CVE CVE-2023-1249 page https://www.suse.com/security/cve/CVE-2023-1380/ SUSE CVE CVE-2023-1380 page https://www.suse.com/security/cve/CVE-2023-1390/ SUSE CVE CVE-2023-1390 page https://www.suse.com/security/cve/CVE-2023-1513/ SUSE CVE CVE-2023-1513 page https://www.suse.com/security/cve/CVE-2023-1611/ SUSE CVE CVE-2023-1611 page https://www.suse.com/security/cve/CVE-2023-1670/ SUSE CVE CVE-2023-1670 page https://www.suse.com/security/cve/CVE-2023-1989/ SUSE CVE CVE-2023-1989 page https://www.suse.com/security/cve/CVE-2023-1990/ SUSE CVE CVE-2023-1990 page https://www.suse.com/security/cve/CVE-2023-1998/ SUSE CVE CVE-2023-1998 page https://www.suse.com/security/cve/CVE-2023-2124/ SUSE CVE CVE-2023-2124 page https://www.suse.com/security/cve/CVE-2023-2162/ SUSE CVE CVE-2023-2162 page https://www.suse.com/security/cve/CVE-2023-2194/ SUSE CVE CVE-2023-2194 page https://www.suse.com/security/cve/CVE-2023-23454/ SUSE CVE CVE-2023-23454 page https://www.suse.com/security/cve/CVE-2023-23455/ SUSE CVE CVE-2023-23455 page https://www.suse.com/security/cve/CVE-2023-2513/ SUSE CVE CVE-2023-2513 page https://www.suse.com/security/cve/CVE-2023-28328/ SUSE CVE CVE-2023-28328 page https://www.suse.com/security/cve/CVE-2023-28464/ SUSE CVE CVE-2023-28464 page https://www.suse.com/security/cve/CVE-2023-28772/ SUSE CVE CVE-2023-28772 page https://www.suse.com/security/cve/CVE-2023-30772/ SUSE CVE CVE-2023-30772 page https://www.suse.com/security/cve/CVE-2023-3090/ SUSE CVE CVE-2023-3090 page https://www.suse.com/security/cve/CVE-2023-3141/ SUSE CVE CVE-2023-3141 page https://www.suse.com/security/cve/CVE-2023-31436/ SUSE CVE CVE-2023-31436 page https://www.suse.com/security/cve/CVE-2023-3159/ SUSE CVE CVE-2023-3159 page https://www.suse.com/security/cve/CVE-2023-3161/ SUSE CVE CVE-2023-3161 page https://www.suse.com/security/cve/CVE-2023-32269/ SUSE CVE CVE-2023-32269 page https://www.suse.com/security/cve/CVE-2023-35824/ SUSE CVE CVE-2023-35824 page SUSE Linux Enterprise Server 12 SP2-BCL cluster-md-kmp-debug-4.4.121-92.205.1 cluster-md-kmp-default-4.4.121-92.205.1 cluster-md-kmp-vanilla-4.4.121-92.205.1 cluster-network-kmp-debug-4.4.121-92.205.1 cluster-network-kmp-default-4.4.121-92.205.1 cluster-network-kmp-vanilla-4.4.121-92.205.1 dlm-kmp-debug-4.4.121-92.205.1 dlm-kmp-default-4.4.121-92.205.1 dlm-kmp-vanilla-4.4.121-92.205.1 gfs2-kmp-debug-4.4.121-92.205.1 gfs2-kmp-default-4.4.121-92.205.1 gfs2-kmp-vanilla-4.4.121-92.205.1 kernel-debug-4.4.121-92.205.1 kernel-debug-base-4.4.121-92.205.1 kernel-debug-devel-4.4.121-92.205.1 kernel-debug-extra-4.4.121-92.205.1 kernel-debug-kgraft-4.4.121-92.205.1 kernel-default-4.4.121-92.205.1 kernel-default-base-4.4.121-92.205.1 kernel-default-devel-4.4.121-92.205.1 kernel-default-extra-4.4.121-92.205.1 kernel-default-kgraft-4.4.121-92.205.1 kernel-default-man-4.4.121-92.205.1 kernel-devel-4.4.121-92.205.1 kernel-docs-4.4.121-92.205.1 kernel-docs-html-4.4.121-92.205.1 kernel-docs-pdf-4.4.121-92.205.1 kernel-macros-4.4.121-92.205.1 kernel-obs-build-4.4.121-92.205.1 kernel-obs-qa-4.4.121-92.205.1 kernel-source-4.4.121-92.205.1 kernel-source-vanilla-4.4.121-92.205.1 kernel-syms-4.4.121-92.205.1 kernel-vanilla-4.4.121-92.205.1 kernel-vanilla-base-4.4.121-92.205.1 kernel-vanilla-devel-4.4.121-92.205.1 kernel-zfcpdump-4.4.121-92.205.1 ocfs2-kmp-debug-4.4.121-92.205.1 ocfs2-kmp-default-4.4.121-92.205.1 ocfs2-kmp-vanilla-4.4.121-92.205.1 kernel-default-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-default-base-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-default-devel-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-devel-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-macros-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-source-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL kernel-syms-4.4.121-92.205.1 as a component of SUSE Linux Enterprise Server 12 SP2-BCL Systems with microprocessors utilizing speculative execution and branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis. CVE-2017-5753 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important 4.9 AV:L/AC:L/Au:N/C:C/I:N/A:N To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2017-5753.html CVE-2017-5753 https://bugzilla.suse.com/1068032 SUSE Bug 1068032 https://bugzilla.suse.com/1074562 SUSE Bug 1074562 https://bugzilla.suse.com/1074578 SUSE Bug 1074578 https://bugzilla.suse.com/1074701 SUSE Bug 1074701 https://bugzilla.suse.com/1075006 SUSE Bug 1075006 https://bugzilla.suse.com/1075419 SUSE Bug 1075419 https://bugzilla.suse.com/1075748 SUSE Bug 1075748 https://bugzilla.suse.com/1080039 SUSE Bug 1080039 https://bugzilla.suse.com/1087084 SUSE Bug 1087084 https://bugzilla.suse.com/1087939 SUSE Bug 1087939 https://bugzilla.suse.com/1089055 SUSE Bug 1089055 https://bugzilla.suse.com/1136865 SUSE Bug 1136865 https://bugzilla.suse.com/1178658 SUSE Bug 1178658 https://bugzilla.suse.com/1201877 SUSE Bug 1201877 https://bugzilla.suse.com/1209547 SUSE Bug 1209547 In the Linux kernel before 4.20.2, kernel/sched/fair.c mishandles leaf cfs_rq's, which allows attackers to cause a denial of service (infinite loop in update_blocked_averages) or possibly have unspecified other impact by inducing a high load. CVE-2018-20784 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2018-20784.html CVE-2018-20784 https://bugzilla.suse.com/1126703 SUSE Bug 1126703 A vulnerability, which was classified as problematic, was found in Linux Kernel. This affects the function tcp_getsockopt/tcp_setsockopt of the component TCP Handler. The manipulation leads to race condition. It is recommended to apply a patch to fix this issue. The identifier VDB-211089 was assigned to this vulnerability. CVE-2022-3566 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2022-3566.html CVE-2022-3566 https://bugzilla.suse.com/1204405 SUSE Bug 1204405 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvbdev.c has a use-after-free, related to dvb_register_device dynamically allocating fops. CVE-2022-45884 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2022-45884.html CVE-2022-45884 https://bugzilla.suse.com/1205756 SUSE Bug 1205756 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_frontend.c has a race condition that can cause a use-after-free when a device is disconnected. CVE-2022-45885 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2022-45885.html CVE-2022-45885 https://bugzilla.suse.com/1205758 SUSE Bug 1205758 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/dvb-core/dvb_net.c has a .disconnect versus dvb_device_open race condition that leads to a use-after-free. CVE-2022-45886 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2022-45886.html CVE-2022-45886 https://bugzilla.suse.com/1205760 SUSE Bug 1205760 An issue was discovered in the Linux kernel through 6.0.9. drivers/media/usb/ttusb-dec/ttusb_dec.c has a memory leak because of the lack of a dvb_frontend_detach call. CVE-2022-45887 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2022-45887.html CVE-2022-45887 https://bugzilla.suse.com/1205762 SUSE Bug 1205762 An issue was discovered in the Linux kernel through 6.0.10. In drivers/media/dvb-core/dvb_ca_en50221.c, a use-after-free can occur is there is a disconnect after an open, because of the lack of a wait_event. CVE-2022-45919 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2022-45919.html CVE-2022-45919 https://bugzilla.suse.com/1205803 SUSE Bug 1205803 https://bugzilla.suse.com/1208912 SUSE Bug 1208912 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A use-after-free flaw was found in qdisc_graft in net/sched/sch_api.c in the Linux Kernel due to a race problem. This flaw leads to a denial of service issue. If patch ebda44da44f6 ("net: sched: fix race condition in qdisc_graft()") not applied yet, then kernel could be affected. CVE-2023-0590 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-0590.html CVE-2023-0590 https://bugzilla.suse.com/1207795 SUSE Bug 1207795 https://bugzilla.suse.com/1207822 SUSE Bug 1207822 https://bugzilla.suse.com/1211495 SUSE Bug 1211495 https://bugzilla.suse.com/1211833 SUSE Bug 1211833 In the Linux kernel, pick_next_rt_entity() may return a type confused entry, not detected by the BUG_ON condition, as the confused entry will not be NULL, but list_head.The buggy error condition would lead to a type confused entry with the list head,which would then be used as a type confused sched_rt_entity,causing memory corruption. CVE-2023-1077 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1077.html CVE-2023-1077 https://bugzilla.suse.com/1208600 SUSE Bug 1208600 https://bugzilla.suse.com/1208839 SUSE Bug 1208839 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 In nf_tables_updtable, if nf_tables_table_enable returns an error, nft_trans_destroy is called to free the transaction object. nft_trans_destroy() calls list_del(), but the transaction was never placed on a list -- the list head is all zeroes, this results in a NULL pointer dereference. CVE-2023-1095 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1095.html CVE-2023-1095 https://bugzilla.suse.com/1208777 SUSE Bug 1208777 A flaw use after free in the Linux kernel integrated infrared receiver/transceiver driver was found in the way user detaching rc device. A local user could use this flaw to crash the system or potentially escalate their privileges on the system. CVE-2023-1118 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1118.html CVE-2023-1118 https://bugzilla.suse.com/1208837 SUSE Bug 1208837 https://bugzilla.suse.com/1208910 SUSE Bug 1208910 https://bugzilla.suse.com/1210423 SUSE Bug 1210423 https://bugzilla.suse.com/1211495 SUSE Bug 1211495 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 A use-after-free flaw was found in the Linux kernel’s core dump subsystem. This flaw allows a local user to crash the system. Only if patch 390031c94211 ("coredump: Use the vma snapshot in fill_files_note") not applied yet, then kernel could be affected. CVE-2023-1249 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1249.html CVE-2023-1249 https://bugzilla.suse.com/1209039 SUSE Bug 1209039 A slab-out-of-bound read problem was found in brcmf_get_assoc_ies in drivers/net/wireless/broadcom/brcm80211/brcmfmac/cfg80211.c in the Linux Kernel. This issue could occur when assoc_info->req_len data is bigger than the size of the buffer, defined as WL_EXTRA_BUF_MAX, leading to a denial of service. CVE-2023-1380 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1380.html CVE-2023-1380 https://bugzilla.suse.com/1209287 SUSE Bug 1209287 A remote denial of service vulnerability was found in the Linux kernel’s TIPC kernel module. The while loop in tipc_link_xmit() hits an unknown state while attempting to parse SKBs, which are not in the queue. Sending two small UDP packets to a system with a UDP bearer results in the CPU utilization for the system to instantly spike to 100%, causing a denial of service condition. CVE-2023-1390 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1390.html CVE-2023-1390 https://bugzilla.suse.com/1209289 SUSE Bug 1209289 https://bugzilla.suse.com/1210779 SUSE Bug 1210779 https://bugzilla.suse.com/1211495 SUSE Bug 1211495 A flaw was found in KVM. When calling the KVM_GET_DEBUGREGS ioctl, on 32-bit systems, there might be some uninitialized portions of the kvm_debugregs structure that could be copied to userspace, causing an information leak. CVE-2023-1513 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 low To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1513.html CVE-2023-1513 https://bugzilla.suse.com/1209532 SUSE Bug 1209532 A use-after-free flaw was found in btrfs_search_slot in fs/btrfs/ctree.c in btrfs in the Linux Kernel.This flaw allows an attacker to crash the system and possibly cause a kernel information lea CVE-2023-1611 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1611.html CVE-2023-1611 https://bugzilla.suse.com/1209687 SUSE Bug 1209687 A flaw use after free in the Linux kernel Xircom 16-bit PCMCIA (PC-card) Ethernet driver was found.A local user could use this flaw to crash the system or potentially escalate their privileges on the system. CVE-2023-1670 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1670.html CVE-2023-1670 https://bugzilla.suse.com/1209871 SUSE Bug 1209871 A use-after-free flaw was found in btsdio_remove in drivers\bluetooth\btsdio.c in the Linux Kernel. In this flaw, a call to btsdio_remove with an unfinished job, may cause a race problem leading to a UAF on hdev devices. CVE-2023-1989 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1989.html CVE-2023-1989 https://bugzilla.suse.com/1210336 SUSE Bug 1210336 https://bugzilla.suse.com/1210500 SUSE Bug 1210500 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 A use-after-free flaw was found in ndlc_remove in drivers/nfc/st-nci/ndlc.c in the Linux Kernel. This flaw could allow an attacker to crash the system due to a race problem. CVE-2023-1990 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1990.html CVE-2023-1990 https://bugzilla.suse.com/1210337 SUSE Bug 1210337 https://bugzilla.suse.com/1210501 SUSE Bug 1210501 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 The Linux kernel allows userspace processes to enable mitigations by calling prctl with PR_SET_SPECULATION_CTRL which disables the speculation feature as well as by using seccomp. We had noticed that on VMs of at least one major cloud provider, the kernel still left the victim process exposed to attacks in some cases even after enabling the spectre-BTI mitigation with prctl. The same behavior can be observed on a bare-metal machine when forcing the mitigation to IBRS on boot command line. This happened because when plain IBRS was enabled (not enhanced IBRS), the kernel had some logic that determined that STIBP was not needed. The IBRS bit implicitly protects against cross-thread branch target injection. However, with legacy IBRS, the IBRS bit was cleared on returning to userspace, due to performance reasons, which disabled the implicit STIBP and left userspace threads vulnerable to cross-thread branch target injection against which STIBP protects. CVE-2023-1998 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-1998.html CVE-2023-1998 https://bugzilla.suse.com/1210506 SUSE Bug 1210506 An out-of-bounds memory access flaw was found in the Linux kernel’s XFS file system in how a user restores an XFS image after failure (with a dirty log journal). This flaw allows a local user to crash or potentially escalate their privileges on the system. CVE-2023-2124 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-2124.html CVE-2023-2124 https://bugzilla.suse.com/1210498 SUSE Bug 1210498 A use-after-free vulnerability was found in iscsi_sw_tcp_session_create in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. In this flaw an attacker could leak kernel internal information. CVE-2023-2162 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-2162.html CVE-2023-2162 https://bugzilla.suse.com/1210647 SUSE Bug 1210647 https://bugzilla.suse.com/1210662 SUSE Bug 1210662 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 An out-of-bounds write vulnerability was found in the Linux kernel's SLIMpro I2C device driver. The userspace "data->block[0]" variable was not capped to a number between 0-255 and was used as the size of a memcpy, possibly writing beyond the end of dma_buffer. This flaw could allow a local privileged user to crash the system or potentially achieve code execution. CVE-2023-2194 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-2194.html CVE-2023-2194 https://bugzilla.suse.com/1210715 SUSE Bug 1210715 cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). CVE-2023-23454 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-23454.html CVE-2023-23454 https://bugzilla.suse.com/1207036 SUSE Bug 1207036 https://bugzilla.suse.com/1207188 SUSE Bug 1207188 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 https://bugzilla.suse.com/1211833 SUSE Bug 1211833 atm_tc_enqueue in net/sched/sch_atm.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). CVE-2023-23455 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-23455.html CVE-2023-23455 https://bugzilla.suse.com/1207125 SUSE Bug 1207125 https://bugzilla.suse.com/1207189 SUSE Bug 1207189 https://bugzilla.suse.com/1211833 SUSE Bug 1211833 A use-after-free vulnerability was found in the Linux kernel's ext4 filesystem in the way it handled the extra inode size for extended attributes. This flaw could allow a privileged local user to cause a system crash or other undefined behaviors. CVE-2023-2513 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-2513.html CVE-2023-2513 https://bugzilla.suse.com/1211105 SUSE Bug 1211105 A NULL pointer dereference flaw was found in the az6027 driver in drivers/media/usb/dev-usb/az6027.c in the Linux Kernel. The message from user space is not checked properly before transferring into the device. This flaw allows a local user to crash the system or potentially cause a denial of service. CVE-2023-28328 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-28328.html CVE-2023-28328 https://bugzilla.suse.com/1209291 SUSE Bug 1209291 hci_conn_cleanup in net/bluetooth/hci_conn.c in the Linux kernel through 6.2.9 has a use-after-free (observed in hci_conn_hash_flush) because of calls to hci_dev_put and hci_conn_put. There is a double free that may lead to privilege escalation. CVE-2023-28464 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-28464.html CVE-2023-28464 https://bugzilla.suse.com/1209052 SUSE Bug 1209052 https://bugzilla.suse.com/1211111 SUSE Bug 1211111 An issue was discovered in the Linux kernel before 5.13.3. lib/seq_buf.c has a seq_buf_putmem_hex buffer overflow. CVE-2023-28772 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-28772.html CVE-2023-28772 https://bugzilla.suse.com/1209549 SUSE Bug 1209549 https://bugzilla.suse.com/1211110 SUSE Bug 1211110 https://bugzilla.suse.com/1214378 SUSE Bug 1214378 The Linux kernel before 6.2.9 has a race condition and resultant use-after-free in drivers/power/supply/da9150-charger.c if a physically proximate attacker unplugs a device. CVE-2023-30772 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-30772.html CVE-2023-30772 https://bugzilla.suse.com/1210329 SUSE Bug 1210329 A heap out-of-bounds write vulnerability in the Linux Kernel ipvlan network driver can be exploited to achieve local privilege escalation. The out-of-bounds write is caused by missing skb->cb initialization in the ipvlan network driver. The vulnerability is reachable if CONFIG_IPVLAN is enabled. We recommend upgrading past commit 90cbed5247439a966b645b34eb0a2e037836ea8e. CVE-2023-3090 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-3090.html CVE-2023-3090 https://bugzilla.suse.com/1212842 SUSE Bug 1212842 https://bugzilla.suse.com/1212849 SUSE Bug 1212849 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 A use-after-free flaw was found in r592_remove in drivers/memstick/host/r592.c in media access in the Linux Kernel. This flaw allows a local attacker to crash the system at device disconnect, possibly leading to a kernel information leak. CVE-2023-3141 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-3141.html CVE-2023-3141 https://bugzilla.suse.com/1212129 SUSE Bug 1212129 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 qfq_change_class in net/sched/sch_qfq.c in the Linux kernel before 6.2.13 allows an out-of-bounds write because lmax can exceed QFQ_MIN_LMAX. CVE-2023-31436 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-31436.html CVE-2023-31436 https://bugzilla.suse.com/1210940 SUSE Bug 1210940 https://bugzilla.suse.com/1211260 SUSE Bug 1211260 https://bugzilla.suse.com/1213841 SUSE Bug 1213841 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 A use after free issue was discovered in driver/firewire in outbound_phy_packet_callback in the Linux Kernel. In this flaw a local attacker with special privilege may cause a use after free problem when queue_event() fails. CVE-2023-3159 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-3159.html CVE-2023-3159 https://bugzilla.suse.com/1212128 SUSE Bug 1212128 https://bugzilla.suse.com/1212347 SUSE Bug 1212347 https://bugzilla.suse.com/1213842 SUSE Bug 1213842 https://bugzilla.suse.com/1214128 SUSE Bug 1214128 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 A flaw was found in the Framebuffer Console (fbcon) in the Linux Kernel. When providing font->width and font->height greater than 32 to fbcon_set_font, since there are no checks in place, a shift-out-of-bounds occurs leading to undefined behavior and possible denial of service. CVE-2023-3161 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-3161.html CVE-2023-3161 https://bugzilla.suse.com/1212154 SUSE Bug 1212154 https://bugzilla.suse.com/1215674 SUSE Bug 1215674 An issue was discovered in the Linux kernel before 6.1.11. In net/netrom/af_netrom.c, there is a use-after-free because accept is also allowed for a successfully connected AF_NETROM socket. However, in order for an attacker to exploit this, the system must have netrom routing configured or the attacker must have the CAP_NET_ADMIN capability. CVE-2023-32269 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-32269.html CVE-2023-32269 https://bugzilla.suse.com/1211186 SUSE Bug 1211186 An issue was discovered in the Linux kernel before 6.3.2. A use-after-free was found in dm1105_remove in drivers/media/pci/dm1105/dm1105.c. CVE-2023-35824 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-base-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-default-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-devel-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-macros-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-source-4.4.121-92.205.1 SUSE Linux Enterprise Server 12 SP2-BCL:kernel-syms-4.4.121-92.205.1 moderate To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232805-1/ https://www.suse.com/security/cve/CVE-2023-35824.html CVE-2023-35824 https://bugzilla.suse.com/1212501 SUSE Bug 1212501 https://bugzilla.suse.com/1215674 SUSE Bug 1215674