Main Vulnerability Database SB2023072141

SB2023072141 - SUSE update for the Linux Kernel

Published: July 21, 2023 Updated: October 25, 2024

Security Bulletin ID SB2023072141

Severity

Medium

Patch available

YES

Number of vulnerabilities 82

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 82 secuirty vulnerabilities.

1) Out-of-bounds write (CVE-ID: CVE-2022-36280)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error within the vmw_kms_cursor_snoo() function in drivers/gpu/vmxgfx/vmxgfx_kms.c in vmwgfx VMWare driver. A local user can trigger an out-of-bounds write and perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2022-38096)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in vmwgfx driver in drivers/gpu/vmxgfx/vmxgfx_execbuf.c in GPU component of Linux kernel with device file '/dev/dri/renderD128 (or Dxxx)'. A local user can perform a denial of service (DoS) attack.

3) Deadlock (CVE-ID: CVE-2022-4269)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to an error in the Linux kernel Traffic Control (TC) subsystem. A local user can use a specific network configuration (redirecting egress packets to ingress using TC action "mirred") to trigger a CPU soft lockup.

4) Use-after-free (CVE-ID: CVE-2022-45884)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvbdev.c in Linux kernel related to dvb_register_device() function dynamically allocating fops. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

5) Use-after-free (CVE-ID: CVE-2022-45885)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_frontend.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

6) Use-after-free (CVE-ID: CVE-2022-45886)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_net.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

7) Race condition (CVE-ID: CVE-2022-45887)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in drivers/media/usb/ttusb-dec/ttusb_dec.c in Linux kernel. A local user can exploit the race and crash the kernel.

8) Use-after-free (CVE-ID: CVE-2022-45919)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/media/dvb-core/dvb_ca_en50221.c in Linux kernel. A local user can trigger a race condition and execute arbitrary code with elevated privileges.

9) Double Free (CVE-ID: CVE-2022-4744)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the tun_free_netdev() function in the Linux kernel’s TUN/TAP device driver. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

10) Security features bypass (CVE-ID: CVE-2023-0045)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to Linux kernel does not correctly mitigate SMT attacks. A local user can bypass Spectre-BTI user space mitigations and gain access to sensitive information.

11) NULL pointer dereference (CVE-ID: CVE-2023-0122)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_setup_auth(0 function in drivers/nvme/target/auth.c. A remote attacker can send specially crafted data to the system and perform a denial of service (DoS) attack.

12) Integer overflow (CVE-ID: CVE-2023-0179)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to an integer overflow within the nft_payload_copy_vlan() function in Linux kernel Netfilter. A local user can trigger an integer overflow and execute arbitrary code with elevated privileges.

13) NULL pointer dereference (CVE-ID: CVE-2023-0394)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the rawv6_push_pending_frames() function in net/ipv6/raw.c. A local user can run a specially crafted program on the system and perform a denial of service (DoS) attack.

14) Use-after-free (CVE-ID: CVE-2023-0461)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Upper Level Protocol (ULP) subsystem in Linux kernel caused by improper handling of sockets entering the LISTEN state in certain protocols. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

15) Use-after-free (CVE-ID: CVE-2023-0469)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error during the cleanup call within the io_install_fixed_file() function in io_uring/filetable.c. A local user can trigger a use-after-free error and perform a denial of service (DoS) attack.

16) Use-after-free (CVE-ID: CVE-2023-0590)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the qdisc_graft() function in net/sched/sch_api.c. A local user can trigger a use-after-free error and crash the kernel.

17) Memory leak (CVE-ID: CVE-2023-0597)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to memory leak within the Linux kernel cpu_entry_area mapping of X86 CPU data. A local user can gain access to sensitive information.

18) Type Confusion (CVE-ID: CVE-2023-1075)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the tls_is_tx_ready() function in the net/tls stack of the Linux Kernel. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

19) Type Confusion (CVE-ID: CVE-2023-1076)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error during initialization of TUN/TAP sockets. A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

20) Type Confusion (CVE-ID: CVE-2023-1077)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a type confusion error within the pick_next_rt_entity() function pick_next_rt_entity(). A local user can trigger a type confusion error and execute arbitrary code with elevated privileges.

21) Use-after-free (CVE-ID: CVE-2023-1079)

The vulnerability allows an attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error within the asus_kbd_backlight_set() function when plugging in a malicious USB device. An attacker with physical access to the system can inject a malicious USB device, trigger a use-after-free error and execute arbitrary code.

22) NULL pointer dereference (CVE-ID: CVE-2023-1095)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the nf_tables_updtable() function within the netfilter subsystem. A local user can perform a denial of service (DoS) attack.

23) Use-after-free (CVE-ID: CVE-2023-1118)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux kernel integrated infrared receiver/transceiver driver "drivers/media/rc/ene_ir.c" when detaching rc device. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

24) Use-after-free (CVE-ID: CVE-2023-1249)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the core dump subsystem in Linux kernel. A local user can trigger a use-after-free error and crash the kernel.

25) NULL pointer dereference (CVE-ID: CVE-2023-1382)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in net/tipc/topsrv.c within the TIPC protocol implementation in the Linux kernel. A local user can perform a denial of service (DoS) attack.

26) Improper Initialization (CVE-ID: CVE-2023-1513)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to improper initialization when calling the KVM_GET_DEBUGREGS ioctl on 32-bit systems. A local user can run a specially crafted application to gain access to sensitive information.

27) Race condition (CVE-ID: CVE-2023-1582)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition within fs/proc/task_mmu.c. A local user can exploit the race and crash the kernel.

28) NULL pointer dereference (CVE-ID: CVE-2023-1583)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the io_file_bitmap_get() function in io_uring/filetable.c in the io_uring sub-component. A local user can trigger denial of service conditions via IORING_FILE_INDEX_ALLOC.

29) Use-after-free (CVE-ID: CVE-2023-1611)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the btrfs_search_slot() function in fs/btrfs/ctree.c. A local user can trigger a use-after-free error and crash the kernel.

30) Information exposure through microarchitectural state after transient execution (CVE-ID: CVE-2023-1637)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due speculative execution behavior in the Linux kernel X86 CPU Power management options functionality. A local user can gain access to sensitive information.

31) Use-after-free (CVE-ID: CVE-2023-1652)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the nfsd4_ssc_setup_dul() function in fs/nfsd/nfs4proc.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

32) Use-after-free (CVE-ID: CVE-2023-1670)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the Xircom 16-bit PCMCIA (PC-card) Ethernet driver. A local user can trigger a use-after-free error and execute arbitrary code on the system.

33) Use-after-free (CVE-ID: CVE-2023-1829)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the tcindex_delete() function. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

34) Use-after-free (CVE-ID: CVE-2023-1838)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the vhost_net_set_backend() function in drivers/vhost/net.c. A local user can trigger a use-after-free error and crash the kernel.

35) Use-after-free (CVE-ID: CVE-2023-1855)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the xgene_hwmon_remove() function in drivers/hwmon/xgene-hwmon.c in the Hardware Monitoring Linux Kernel Driver (xgene-hwmon). A local user can trigger a use-after-free error and execute arbitrary code on the system.

36) Use-after-free (CVE-ID: CVE-2023-1989)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the btsdio_remove() function in driversluetoothtsdio.c. A local user can trigger a use-after-free error and escalate privileges on the system.

37) Security features bypass (CVE-ID: CVE-2023-1998)

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists due to incorrect implementation of the Spectre v2 SMT mitigations, related to calling prctl with PR_SET_SPECULATION_CTRL. An attacker can gain unauthorized access to kernel memory from userspace.

38) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2023-2002)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper permissions check in the Bluetooth subsystem when handling ioctl system calls of HCI sockets. A local user can acquire a trusted socket, leading to unauthorized execution of management commands.

39) Security features bypass (CVE-ID: CVE-2023-21102)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists die to a logic error within the __efi_rt_asm_wrapper() function in efi-rt-wrapper.S. A local application can bypass the shadow stack protection and execute arbitrary code with elevated privileges.

40) Double Free (CVE-ID: CVE-2023-21106)

The vulnerability allows a local application to escalate privileges on the system.

The vulnerability exists due to a boundary error within the adreno_set_param() function in adreno_gpu.c. A local application can trigger a double free error and execute arbitrary code with elevated privileges.

41) Out-of-bounds read (CVE-ID: CVE-2023-2124)

The vulnerability allows a local user to perform a denial of service (DoS) attack..

The vulnerability exists due to a boundary condition within the XFS subsystem in Linux kernel. A local user can trigger an out-of-bounds read error and crash the kernel.

42) Reachable Assertion (CVE-ID: CVE-2023-2156)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a reachable assertion when handling IPv6 RPL protocol. A remote attacker can send specially crafted packets to the system and perform a denial of service (DoS) attack.

43) Use-after-free (CVE-ID: CVE-2023-2162)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a use-after-free error within the scsi_sw_tcp_session_create() function in drivers/scsi/iscsi_tcp.c in SCSI sub-component in the Linux Kernel. A local user can trigger a use-after-free error and gain access to sensitive information.

44) Out-of-bounds read (CVE-ID: CVE-2023-2176)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the compare_netdev_and_ip() function in drivers/infiniband/core/cma.c in RDMA in the Linux Kernel. A local user can trigger an out-of-bounds read error and read contents of memory on the system.

45) Use-after-free (CVE-ID: CVE-2023-2235)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux Kernel Performance Events system. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

46) Improper locking (CVE-ID: CVE-2023-2269)

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to double-locking error in table_clear in drivers/md/dm-ioctl.c. A local user can perform a denial of service (DoS) attack.

47) Return of pointer value outside of expected range (CVE-ID: CVE-2023-22998)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to unexpected value of the pointer returned as value in the drm_gem_shmem_get_sg_table() function in drivers/gpu/drm/virtio/virtgpu_object.c. A local user can perform a denial of service (DoS) attack.

48) NULL pointer dereference (CVE-ID: CVE-2023-23000)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the tegra_xusb_find_port_node() function in drivers/phy/tegra/xusb.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

49) Return of pointer value outside of expected range (CVE-ID: CVE-2023-23001)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exist due to the regulator_get() function in drivers/scsi/ufs/ufs-mediatek.c misinterprets the return value. A local user can perform a denial of service (DoS) attack.

50) NULL pointer dereference (CVE-ID: CVE-2023-23004)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the get_sg_table() function in drivers/gpu/drm/arm/malidp_planes.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

51) NULL pointer dereference (CVE-ID: CVE-2023-23006)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the mlx5_get_uars_page() function in drivers/net/ethernet/mellanox/mlx5/core/steering/dr_domain.c. A local user can pass specially crafted data to the systen and perform a denial of service (DoS) attack.

52) Improper locking (CVE-ID: CVE-2023-2430)

The vulnerability allows a local user to perform a denial of service attack (DoS).

The vulnerability exists due to improper locking within the io_uring subsystem in Linux kernel when IOPOLL mode is being used. A local user can crash the kernel.

53) Race condition (CVE-ID: CVE-2023-2483)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a race condition in Qualcomm EMAC Gigabit Ethernet Controller. An attacker with physical access to system can remove the device before cleanup in the emac_remove() function is called, trigger a use-after-free error and crash the kernel.

54) Use-after-free (CVE-ID: CVE-2023-25012)

The vulnerability allows an attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bigben_remove() function in drivers/hid/hid-bigbenff.c. An attacker with physical access to the system can attach a specially crafted USB device to the system and cause a denial of service condition.

55) Use-after-free (CVE-ID: CVE-2023-2513)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the ext4 filesystem in the way it handled the extra inode size for extended attributes. A local user can trigger a use-after-free error and escalate privileges on the system.

56) Double Free (CVE-ID: CVE-2023-26545)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a double free in net/mpls/af_mpls.c during the renaming of a device. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

57) NULL pointer dereference (CVE-ID: CVE-2023-28327)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the unix_diag_get_exact() function in net/unix/diag.c. A local user can perform a denial of service (DoS) attack.

58) Buffer overflow (CVE-ID: CVE-2023-28410)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error. A local user can trigger memory corruption and execute arbitrary code with elevated privileges.

59) Double Free (CVE-ID: CVE-2023-28464)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the hci_conn_cleanup() function in net/bluetooth/hci_conn.c in Linux kernel. A local user can trigger a double free error and execute arbitrary code with elevated privileges.

60) Out-of-bounds read (CVE-ID: CVE-2023-28866)

The vulnerability allows an attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in net/bluetooth/hci_sync.c in Linux kernel. An attacker with physical proximity to device can trigger an out-of-bounds read error and read contents of memory on the system.

61) Processor optimization removal or modification of security-critical code (CVE-ID: CVE-2023-3006)

The vulnerability allow a local user to gain access to sensitive information.

The vulnerability exists due to a known cache speculation vulnerability (Spectre-BHB) for the new hw AmpereOne. A local user can gain access to sensitive information.

62) Input validation error (CVE-ID: CVE-2023-30456)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to insufficient validation of consistency for for CR0 and CR4 in arch/x86/kvm/vmx/nested.c in the Linux kernel. A local user can execute arbitrary code with elevated privileges.

63) Race condition (CVE-ID: CVE-2023-30772)

The vulnerability allows an attacker to compromise the affected system.

The vulnerability exists due to a race condition in rivers/power/supply/da9150-charger.c in Linux kernel. An attacker with physical access to device can trigger a race condition while unplugin the device and execute arbitrary code on the system.

64) Out-of-bounds write (CVE-ID: CVE-2023-3090)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the ipvlan network driver in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

65) Deadlock (CVE-ID: CVE-2023-31084)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a deadlock in drivers/media/dvb-core/dvb_frontend.c when a task is in !TASK_RUNNING. A local user can trigger a deadlock and crash the kernel.

66) Use-after-free (CVE-ID: CVE-2023-3111)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the prepare_to_relocate() function in fs/btrfs/relocation.c in btrfs in the Linux Kernel. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

67) Use-after-free (CVE-ID: CVE-2023-3141)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the r592_remove() function of drivers/memstick/host/r592.c in media access in the Linux kernel. A local user can trigger a use-after-free error and escalate privileges on the system.

68) Out-of-bounds write (CVE-ID: CVE-2023-31436)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the qfq_change_class() function in net/sched/sch_qfq.c when handling the MTU value provided to the QFQ Scheduler. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

69) Incorrect calculation (CVE-ID: CVE-2023-3161)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect calculation in the Framebuffer Console (fbcon) in the Linux kernel. A local user can perform a denial of service (DoS) attack.

70) NULL pointer dereference (CVE-ID: CVE-2023-3212)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the gfs2 file system in the Linux kernel. A local user can perform a denial of service (DoS) attack.

71) NULL pointer dereference (CVE-ID: CVE-2023-3220)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the dpu_crtc_atomic_check() function in drivers/gpu/drm/msm/disp/dpu1/dpu_crtc.c. A local user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

72) Use-after-free (CVE-ID: CVE-2023-32233)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in Netfilter nf_tables when processing batch requests. A local user can trigger a use-after-free error and execute arbitrary code with root privileges.

73) Use-after-free (CVE-ID: CVE-2023-33288)

The vulnerability allows a local authenticated user to perform a denial of service (DoS) attack.

The vulnerability exists due to a use-after-free error within the bq24190_remove function in drivers/power/supply/bq24190_charger.c. A local authenticated user can trigger a use-after-free error and perform a denial of service (DoS) attack.

74) NULL pointer dereference (CVE-ID: CVE-2023-3357)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel AMD Sensor Fusion Hub driver. A local user can perform a denial of service (DoS) attack.

75) NULL pointer dereference (CVE-ID: CVE-2023-3358)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the Linux kernel's Integrated Sensor Hub (ISH) driver. A local user and perform a denial of service (DoS) attack.

76) Use-after-free (CVE-ID: CVE-2023-3389)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the Linux Kernel io_uring subsystem. A local user can exploit a race condition and execute arbitrary code with elevated privileges.

77) Race condition (CVE-ID: CVE-2023-33951)

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to a race condition when handling GEM objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can exploit the race and gain unauthorized access to sensitive information on the system.

78) Double free (CVE-ID: CVE-2023-33952)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when handling vmw_buffer_object objects within the vmw_user_bo_lookup() function in drivers/gpu/drm/vmwgfx/vmwgfx_bo.c. A local user can trigger a double free error and execute arbitrary code on the target system with elevated privileges.

79) Out-of-bounds write (CVE-ID: CVE-2023-35788)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the fl_set_geneve_opt() function in net/sched/cls_flower.c in Linux kernel. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

80) Race condition (CVE-ID: CVE-2023-35823)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the saa7134_finidev() function in drivers/media/pci/saa7134/saa7134-core.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

81) Race condition (CVE-ID: CVE-2023-35828)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition within the renesas_usb3_remove() function in drivers/usb/gadget/udc/renesas_usb3.c. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.

82) Use-after-free (CVE-ID: CVE-2023-35829)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the rkvdec_remove() function in drivers/staging/media/rkvdec/rkvdec.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20232871-1/

Vulnerable Software

SUSE Linux Enterprise Live Patching: 15-SP5
SUSE Linux Enterprise High Availability Extension 15: SP5
SUSE Linux Enterprise Workstation Extension 15: SP5
Development Tools Module: 15-SP5
Legacy Module: 15-SP5
Basesystem Module: 15-SP5
SUSE Linux Enterprise Server for SAP Applications 15: SP5
SUSE Linux Enterprise Server 15: SP5
SUSE Linux Enterprise Real Time 15: SP5
SUSE Linux Enterprise High Performance Computing 15: SP5
SUSE Linux Enterprise Desktop 15: SP5
openSUSE Leap: 15.5
kernel-64kb: before 5.14.21-150500.55.7.1
dtb-arm: before 5.14.21-150500.55.7.1
ocfs2-kmp-64kb: before 5.14.21-150500.55.7.1
cluster-md-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1
kernel-64kb-debugsource: before 5.14.21-150500.55.7.1
dtb-amlogic: before 5.14.21-150500.55.7.1
kselftests-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1
kernel-64kb-devel: before 5.14.21-150500.55.7.1
dtb-apple: before 5.14.21-150500.55.7.1
kselftests-kmp-64kb: before 5.14.21-150500.55.7.1
kernel-64kb-devel-debuginfo: before 5.14.21-150500.55.7.1
dtb-amazon: before 5.14.21-150500.55.7.1
dtb-renesas: before 5.14.21-150500.55.7.1
gfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1
reiserfs-kmp-64kb: before 5.14.21-150500.55.7.1
dlm-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1
kernel-64kb-extra-debuginfo: before 5.14.21-150500.55.7.1
dtb-socionext: before 5.14.21-150500.55.7.1
dtb-rockchip: before 5.14.21-150500.55.7.1
dtb-altera: before 5.14.21-150500.55.7.1
dtb-qcom: before 5.14.21-150500.55.7.1
dtb-sprd: before 5.14.21-150500.55.7.1
dlm-kmp-64kb: before 5.14.21-150500.55.7.1
dtb-broadcom: before 5.14.21-150500.55.7.1
dtb-mediatek: before 5.14.21-150500.55.7.1
dtb-marvell: before 5.14.21-150500.55.7.1
kernel-64kb-optional-debuginfo: before 5.14.21-150500.55.7.1
kernel-64kb-optional: before 5.14.21-150500.55.7.1
dtb-apm: before 5.14.21-150500.55.7.1
dtb-freescale: before 5.14.21-150500.55.7.1
ocfs2-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1
dtb-lg: before 5.14.21-150500.55.7.1
dtb-cavium: before 5.14.21-150500.55.7.1
gfs2-kmp-64kb: before 5.14.21-150500.55.7.1
cluster-md-kmp-64kb: before 5.14.21-150500.55.7.1
dtb-nvidia: before 5.14.21-150500.55.7.1
reiserfs-kmp-64kb-debuginfo: before 5.14.21-150500.55.7.1
dtb-amd: before 5.14.21-150500.55.7.1
kernel-64kb-extra: before 5.14.21-150500.55.7.1
kernel-64kb-debuginfo: before 5.14.21-150500.55.7.1
kernel-64kb-livepatch-devel: before 5.14.21-150500.55.7.1
dtb-allwinner: before 5.14.21-150500.55.7.1
dtb-xilinx: before 5.14.21-150500.55.7.1
dtb-hisilicon: before 5.14.21-150500.55.7.1
dtb-exynos: before 5.14.21-150500.55.7.1
dtb-aarch64: before 5.14.21-150500.55.7.1
kernel-zfcpdump-debugsource: before 5.14.21-150500.55.7.1
kernel-zfcpdump-debuginfo: before 5.14.21-150500.55.7.1
kernel-zfcpdump: before 5.14.21-150500.55.7.1
kernel-livepatch-5_14_21-150500_55_7-default: before 1-150500.11.7.1
kernel-livepatch-SLE15-SP5_Update_1-debugsource: before 1-150500.11.7.1
kernel-livepatch-5_14_21-150500_55_7-default-debuginfo: before 1-150500.11.7.1
kernel-kvmsmall: before 5.14.21-150500.55.7.1
kselftests-kmp-default: before 5.14.21-150500.55.7.1
kernel-obs-qa: before 5.14.21-150500.55.7.1
reiserfs-kmp-default: before 5.14.21-150500.55.7.1
kernel-default-optional-debuginfo: before 5.14.21-150500.55.7.1
reiserfs-kmp-default-debuginfo: before 5.14.21-150500.55.7.1
kernel-default-livepatch: before 5.14.21-150500.55.7.1
kernel-default-livepatch-devel: before 5.14.21-150500.55.7.1
kernel-syms: before 5.14.21-150500.55.7.1
kernel-default-devel: before 5.14.21-150500.55.7.1
kernel-default-devel-debuginfo: before 5.14.21-150500.55.7.1
kernel-obs-build-debugsource: before 5.14.21-150500.55.7.1
kernel-obs-build: before 5.14.21-150500.55.7.1
kselftests-kmp-default-debuginfo: before 5.14.21-150500.55.7.1
kernel-default-optional: before 5.14.21-150500.55.7.1
kernel-default-base-rebuild: before 5.14.21-150500.55.7.1.150500.6.2.5
kernel-kvmsmall-devel-debuginfo: before 5.14.21-150500.55.7.1
kernel-default-base: before 5.14.21-150500.55.7.1.150500.6.2.5
kernel-kvmsmall-livepatch-devel: before 5.14.21-150500.55.7.1
kernel-kvmsmall-debuginfo: before 5.14.21-150500.55.7.1
kernel-kvmsmall-debugsource: before 5.14.21-150500.55.7.1
kernel-kvmsmall-devel: before 5.14.21-150500.55.7.1
kernel-default-vdso-debuginfo: before 5.14.21-150500.55.7.1
kernel-debug-vdso-debuginfo: before 5.14.21-150500.55.7.1
kernel-kvmsmall-vdso-debuginfo: before 5.14.21-150500.55.7.1
kernel-kvmsmall-vdso: before 5.14.21-150500.55.7.1
kernel-debug-vdso: before 5.14.21-150500.55.7.1
kernel-default-vdso: before 5.14.21-150500.55.7.1
kernel-debug-debugsource: before 5.14.21-150500.55.7.1
kernel-debug-livepatch-devel: before 5.14.21-150500.55.7.1
kernel-debug-devel: before 5.14.21-150500.55.7.1
kernel-debug-debuginfo: before 5.14.21-150500.55.7.1
kernel-debug-devel-debuginfo: before 5.14.21-150500.55.7.1
kernel-debug: before 5.14.21-150500.55.7.1
kernel-docs-html: before 5.14.21-150500.55.7.1
kernel-devel: before 5.14.21-150500.55.7.1
kernel-source-vanilla: before 5.14.21-150500.55.7.1
kernel-source: before 5.14.21-150500.55.7.1
kernel-macros: before 5.14.21-150500.55.7.1
kernel-docs: before 5.14.21-150500.55.7.1
kernel-default-extra-debuginfo: before 5.14.21-150500.55.7.1
kernel-default-extra: before 5.14.21-150500.55.7.1
kernel-default: before 5.14.21-150500.55.7.1
ocfs2-kmp-default: before 5.14.21-150500.55.7.1
gfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1
dlm-kmp-default-debuginfo: before 5.14.21-150500.55.7.1
cluster-md-kmp-default-debuginfo: before 5.14.21-150500.55.7.1
dlm-kmp-default: before 5.14.21-150500.55.7.1
kernel-default-debugsource: before 5.14.21-150500.55.7.1
kernel-default-debuginfo: before 5.14.21-150500.55.7.1
gfs2-kmp-default: before 5.14.21-150500.55.7.1
cluster-md-kmp-default: before 5.14.21-150500.55.7.1
ocfs2-kmp-default-debuginfo: before 5.14.21-150500.55.7.1