SB2024021930 - SUSE update for the Linux Kernel

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2021-33631)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow when mounting a malicious filesystem. A local user can mount a specially crafted filesystem, trigger an integer overflow and execute arbitrary code.

2) Input validation error (CVE-ID: CVE-2023-46838)

The vulnerability allows an unprivileged guest to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of network packets at the backend. An unprivileged guest can send zero-length packets to the OS kernel and perform a denial of service (DoS) attack.

3) Use-after-free (CVE-ID: CVE-2023-47233)

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the brcm80211 in a brcmf_cfg80211_detach in the device unplugging (disconnect the USB by hotplug) code. An attacker with physical access to device can trigger a use-after-free error and escalate privileges on the system.

4) Use-after-free (CVE-ID: CVE-2023-4921)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in the qfq_dequeue() function within the the Linux kernel's net/sched: sch_qfq component. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

5) Use-after-free (CVE-ID: CVE-2023-51043)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error in drivers/gpu/drm/drm_atomic.c. A local user can trigger a use-after-free error and execute arbitrary code with elevated privileges.

6) Race condition (CVE-ID: CVE-2023-51780)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the ATM (Asynchronous Transfer Mode) subsystem in Linux kernel. A local user can exploit the race and escalate privileges on the system.

7) Race condition (CVE-ID: CVE-2023-51782)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a race condition in the Amateur Radio X.25 PLP (Rose) support. A local user can exploit the race and escalate privileges on the system.

8) Out-of-bounds write (CVE-ID: CVE-2023-6040)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error within the nf_tables_newtable() function in netfilter nf_tables. A local user can trigger an out-of-bounds write and execute arbitrary code with elevated privileges.

9) NULL pointer dereference (CVE-ID: CVE-2023-6356)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_build_iovec() function in the Linux kernel's NVMe driver. A remote attacker can pass specially crafted TCP packets to the system and perform a denial of service (DoS) attack.

10) NULL pointer dereference (CVE-ID: CVE-2023-6535)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the nvmet_tcp_execute_request() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.

11) NULL pointer dereference (CVE-ID: CVE-2023-6536)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the __nvmet_req_complete() function in the Linux kernel's NVMe driver. A remote attacker can send specially crafted NVMe-oF/TCP packets to the system and perform a denial of service (DoS) attack.

12) NULL pointer dereference (CVE-ID: CVE-2023-6915)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error within the ida_free() function in lib/idr.c. A local user can pass specially crafted data to the system and perform a denial of service (DoS) attack.

13) Integer underflow (CVE-ID: CVE-2024-0565)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer underflow within the receive_encrypted_standard() function in fs/smb/client/smb2ops.c in the SMB Client sub-component in the Linux Kernel. A remote attacker can trick the victim to connect to a malicious SMB server, trigger an integer underflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

14) Use-after-free (CVE-ID: CVE-2024-0775)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the __ext4_remount() function in fs/ext4/super.c in ext4. A local user can trigger a use-after-free error and execute arbitrary code on the system.

15) Use-after-free (CVE-ID: CVE-2024-1086)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a use-after-free error within the netfilter nf_tables component in Linux kernel. A local user can trigger a use-after-free error and execute arbitrary code on the system.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2024/suse-su-20240474-1/