SUSE-SU-2024:0110-1: important: Security update for the Linux Kernel
SLE-UPDATES
null at suse.de
Wed Jan 17 12:36:51 UTC 2024
# Security update for the Linux Kernel
Announcement ID: SUSE-SU-2024:0110-1
Rating: important
References:
* bsc#1179610
* bsc#1211226
* bsc#1215237
* bsc#1215375
* bsc#1217250
* bsc#1217709
* bsc#1217946
* bsc#1217947
* bsc#1218105
* bsc#1218184
* bsc#1218253
* bsc#1218258
* bsc#1218559
* jsc#PED-5021
Cross-References:
* CVE-2020-26555
* CVE-2023-51779
* CVE-2023-6121
* CVE-2023-6606
* CVE-2023-6610
* CVE-2023-6931
* CVE-2023-6932
CVSS scores:
* CVE-2020-26555 ( SUSE ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2020-26555 ( NVD ): 5.4 CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
* CVE-2023-51779 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6121 ( SUSE ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-6121 ( NVD ): 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
* CVE-2023-6606 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-6606 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-6610 ( SUSE ): 6.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H
* CVE-2023-6610 ( NVD ): 7.1 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
* CVE-2023-6931 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6931 ( NVD ): 7.8 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6932 ( SUSE ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
* CVE-2023-6932 ( NVD ): 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products:
* SUSE Linux Enterprise Micro 5.1
* SUSE Linux Enterprise Micro 5.2
* SUSE Linux Enterprise Micro for Rancher 5.2
An update that solves seven vulnerabilities, contains one feature and has six
security fixes can now be installed.
## Description:
The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various
security bugfixes.
The following security bugs were fixed:
* CVE-2020-26555: Fixed an issue during BR/EDR PIN code pairing in the
Bluetooth subsystem that would allow replay attacks (bsc#1179610
bsc#1215237).
* CVE-2023-6121: Fixed an information leak via dmesg when receiving a crafted
packet in the NVMe-oF/TCP subsystem (bsc#1217250).
* CVE-2023-6606: Fixed an out of bounds read in the SMB client when receiving
a malformed length from a server (bsc#1217947).
* CVE-2023-6610: Fixed an out of bounds read in the SMB client when printing
debug information (bsc#1217946).
* CVE-2023-6931: Fixed an out of bounds write in the Performance Events
subsystem when adding a new event (bsc#1218258).
* CVE-2023-6932: Fixed a use-after-free issue when receiving an IGMP query
packet due to reference count mismanagement (bsc#1218253).
* CVE-2023-51779: Fixed a use-after-free because of a bt_sock_ioctl race
condition in bt_sock_recvmsg (bsc#1218559).
The following non-security bugs were fixed:
* Reviewed and added more information to README.SUSE (jsc#PED-5021).
* Enabled multibuild for kernel packages (JSC-SLE#5501, boo#1211226,
bsc#1218184).
* clocksource: Avoid accidental unstable marking of clocksources
(bsc#1218105).
* clocksource: Suspend the watchdog temporarily when high read latency
detected (bsc#1218105).
* efi/mokvar: Reserve the table only if it is in boot services data
(bsc#1215375).
## Special Instructions and Notes:
* Please reboot the system after installing this update.
## Patch Instructions:
To install this SUSE update use the SUSE recommended installation methods like
YaST online_update or "zypper patch".
Alternatively you can run the command listed for your product:
* SUSE Linux Enterprise Micro 5.1
zypper in -t patch SUSE-SUSE-MicroOS-5.1-2024-110=1
* SUSE Linux Enterprise Micro 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-110=1
* SUSE Linux Enterprise Micro for Rancher 5.2
zypper in -t patch SUSE-SUSE-MicroOS-5.2-2024-110=1
## Package List:
* SUSE Linux Enterprise Micro 5.1 (nosrc x86_64)
* kernel-rt-5.3.18-150300.155.1
* SUSE Linux Enterprise Micro 5.1 (x86_64)
* kernel-rt-debugsource-5.3.18-150300.155.1
* kernel-rt-debuginfo-5.3.18-150300.155.1
* SUSE Linux Enterprise Micro 5.2 (nosrc x86_64)
* kernel-rt-5.3.18-150300.155.1
* SUSE Linux Enterprise Micro 5.2 (x86_64)
* kernel-rt-debugsource-5.3.18-150300.155.1
* kernel-rt-debuginfo-5.3.18-150300.155.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (nosrc x86_64)
* kernel-rt-5.3.18-150300.155.1
* SUSE Linux Enterprise Micro for Rancher 5.2 (x86_64)
* kernel-rt-debugsource-5.3.18-150300.155.1
* kernel-rt-debuginfo-5.3.18-150300.155.1
## References:
* https://www.suse.com/security/cve/CVE-2020-26555.html
* https://www.suse.com/security/cve/CVE-2023-51779.html
* https://www.suse.com/security/cve/CVE-2023-6121.html
* https://www.suse.com/security/cve/CVE-2023-6606.html
* https://www.suse.com/security/cve/CVE-2023-6610.html
* https://www.suse.com/security/cve/CVE-2023-6931.html
* https://www.suse.com/security/cve/CVE-2023-6932.html
* https://bugzilla.suse.com/show_bug.cgi?id=1179610
* https://bugzilla.suse.com/show_bug.cgi?id=1211226
* https://bugzilla.suse.com/show_bug.cgi?id=1215237
* https://bugzilla.suse.com/show_bug.cgi?id=1215375
* https://bugzilla.suse.com/show_bug.cgi?id=1217250
* https://bugzilla.suse.com/show_bug.cgi?id=1217709
* https://bugzilla.suse.com/show_bug.cgi?id=1217946
* https://bugzilla.suse.com/show_bug.cgi?id=1217947
* https://bugzilla.suse.com/show_bug.cgi?id=1218105
* https://bugzilla.suse.com/show_bug.cgi?id=1218184
* https://bugzilla.suse.com/show_bug.cgi?id=1218253
* https://bugzilla.suse.com/show_bug.cgi?id=1218258
* https://bugzilla.suse.com/show_bug.cgi?id=1218559
* https://jira.suse.com/browse/PED-5021
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.suse.com/pipermail/sle-updates/attachments/20240117/34d1f6e4/attachment.htm>
More information about the sle-updates
mailing list