Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) SUSE Patch security@suse.de SUSE Security Team SUSE-SU-2023:2413 Final 1 1 2023-06-06T15:09:25Z current 2023-06-06T15:09:25Z 2023-06-06T15:09:25Z cve-database/bin/generate-cvrf.pl 2017-02-24T01:00:00Z Security update for the Linux Kernel (Live Patch 36 for SLE 15 SP2) This update for the Linux Kernel 5.3.18-150200_24_151 fixes one issue. The following security issue was fixed: - CVE-2023-23454: Fixed a type-confusion in the CBQ network scheduler (bsc#1207188). The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). SUSE-SLE-Module-Live-Patching-15-SP2-2023-2413 Copyright SUSE LLC under the Creative Commons License 4.0 with Attribution (CC-BY-4.0) https://www.suse.com/support/update/announcement/2023/suse-su-20232413/ Link for SUSE-SU-2023:2413 https://lists.suse.com/pipermail/sle-updates/2023-June/029743.html E-Mail link for SUSE-SU-2023:2413 https://www.suse.com/support/security/rating/ SUSE Security Ratings https://bugzilla.suse.com/1207188 SUSE Bug 1207188 https://www.suse.com/security/cve/CVE-2023-23454/ SUSE CVE CVE-2023-23454 page SUSE Linux Enterprise Live Patching 15 SP2 kernel-livepatch-5_3_18-150200_24_151-default-2-150200.2.3 kernel-livepatch-5_3_18-150200_24_151-default-2-150200.2.3 as a component of SUSE Linux Enterprise Live Patching 15 SP2 cbq_classify in net/sched/sch_cbq.c in the Linux kernel through 6.1.4 allows attackers to cause a denial of service (slab-out-of-bounds read) because of type confusion (non-negative numbers can sometimes indicate a TC_ACT_SHOT condition rather than valid classification results). CVE-2023-23454 SUSE Linux Enterprise Live Patching 15 SP2:kernel-livepatch-5_3_18-150200_24_151-default-2-150200.2.3 important To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". https://www.suse.com/support/update/announcement/2023/suse-su-20232413/ https://www.suse.com/security/cve/CVE-2023-23454.html CVE-2023-23454 https://bugzilla.suse.com/1207036 SUSE Bug 1207036 https://bugzilla.suse.com/1207188 SUSE Bug 1207188 https://bugzilla.suse.com/1208030 SUSE Bug 1208030 https://bugzilla.suse.com/1208044 SUSE Bug 1208044 https://bugzilla.suse.com/1208085 SUSE Bug 1208085 https://bugzilla.suse.com/1211833 SUSE Bug 1211833