SB20250109123 - SUSE update for libmfx

Description

This security bulletin contains information about 5 secuirty vulnerabilities.

1) Out-of-bounds read (CVE-ID: CVE-2023-22656)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition. A local user can trigger an out-of-bounds read error and read contents of memory on the system, leading to privilege escalation.

2) Buffer overflow (CVE-ID: CVE-2023-45221)

The vulnerability allows a local user to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error. A local user can trigger memory corruption and execute arbitrary code on the target system with elevated privileges.

3) Buffer overflow (CVE-ID: CVE-2023-47169)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error. A local user can trigger memory corruption and cause a denial of service condition on the target system.

4) Out-of-bounds write (CVE-ID: CVE-2023-47282)

The vulnerability allows a local user to compromise vulnerable system.

The vulnerability exists due to a boundary error when processing untrusted input. A local user can trigger an out-of-bounds write and escalate privileges on the system.

5) Input validation error (CVE-ID: CVE-2023-48368)

The vulnerability allows a local user to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://www.suse.com/support/update/announcement/2025/suse-su-20250050-1/